www.eVuln.com : "time" SQL Injection vulnerability in WSN Guest Feb 21 2011 06:15AM
bt evuln com
www.eVuln.com advisory:

"time" SQL Injection vulnerability in WSN Guest



eVuln ID: EV0175

Software: WSN Guest

Vendor: n/a

Version: 1.24

Critical Level: medium

Type: SQL Injection

Status: Unpatched. No reply from developer(s)

PoC: Not available

Solution: Not available

Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )



SQL Injection in "time" parameter

It is possible to inject an SQL expression through the "time" parameter of the "memberlist.php" script.

The "time" parameter is used in an SQL query without proper sanitization.


PoC code is available at: Not available


Vulnerability discovered by Aliaksandr Hartsuyeu

http://evuln.com/code-analysis.html - website source code analysis
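
Since the advisory lists no patch, the following added example (not WSN Guest source and not part of the original advisory) shows the kind of interim fix a site operator could apply to a parameter like "time": strict integer validation plus a bound query parameter. The table, the column names, the query shape and the reading of "time" as a Unix-timestamp cutoff are assumptions, as are the function names; it assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added illustration, not WSN Guest code. The table, columns and the meaning
// of "time" (a Unix-timestamp cutoff) are assumptions made for this example.

/** Accept "time" only as a plain non-negative integer; anything else is refused. */
function parse_time_param(?string $raw): ?int
{
    if ($raw === null || !ctype_digit($raw) || strlen($raw) > 10) {
        return null;
    }
    return (int) $raw;
}

/** Hardened lookup: the value is bound as an integer, never concatenated. */
function members_since(PDO $db, int $since): array
{
    $stmt = $db->prepare(
        'SELECT name FROM members WHERE joined >= :since ORDER BY name'
    );
    $stmt->bindValue(':since', $since, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, joined INTEGER)');
$db->exec("INSERT INTO members VALUES ('alice', 1290000000), ('bob', 1298000000)");

// Constructed request values: one well-formed, three that must be refused.
foreach (['1295000000', '1295000000 OR 1=1', '-1', ''] as $raw) {
    $since = parse_time_param($raw);
    if ($since === null) {
        // The unsafe pattern would have placed $raw directly into the SQL string.
        printf("%-22s -> rejected (HTTP 400)\n", var_export($raw, true));
        continue;
    }
    $names = implode(', ', members_since($db, $since));
    printf("%-22s -> %s\n", var_export($raw, true), $names);
}
```

Validation and binding are deliberately both present: the integer check rejects malformed requests early, and the bound parameter keeps the query safe even if the check is later loosened.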
