LinPHA Session Cookie SQL Injection Vulnerability

LinPHA is reported to contain an SQL injection vulnerability in its session cookie handling code. This issue is due to a failure of the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could compromise the application, disclose or modify data, or permit an attacker to exploit vulnerabilities in the underlying database implementation. It has been demonstrated that an attacker may exploit this vulnerability to gain administrative access to the application.

Version 0.9.4 has been reported susceptible to this vulnerability. Prior versions may also be affected.
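
The class of flaw described above, shown as an added example that is not LinPHA's own code: a session lookup that concatenates the cookie value into the SQL text, next to a version that validates the value and binds it as a parameter. The `sessions` table, its columns, the function names, the 32-hex-character session id format and the use of PDO with an in-memory SQLite database are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical schema and names, not LinPHA's actual code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT, is_admin INTEGER)");
$db->exec("INSERT INTO sessions VALUES ('3f9c2a7d5e8b4c1a9d0e6f7b2a4c8e10', 'admin', 1)");

// Vulnerable pattern: the cookie value is concatenated into the SQL text,
// so quote characters in the cookie change the structure of the query.
function lookup_session_unsafe(PDO $db, string $cookie): ?array
{
    $sql = "SELECT username, is_admin FROM sessions WHERE sid = '" . $cookie . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: reject anything that is not a well-formed session id
// (assumed format: 32 lowercase hex characters), then pass the value as a
// bound parameter so the database only ever treats it as data.
function lookup_session_safe(PDO $db, string $cookie): ?array
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $cookie)) {
        return null;
    }
    $stmt = $db->prepare("SELECT username, is_admin FROM sessions WHERE sid = ?");
    $stmt->execute([$cookie]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed cookie values: one valid id, one containing SQL metacharacters.
$valid   = '3f9c2a7d5e8b4c1a9d0e6f7b2a4c8e10';
$crafted = "nosuchsession' OR '1'='1";

foreach (['valid' => $valid, 'crafted' => $crafted] as $label => $cookie) {
    $unsafe = lookup_session_unsafe($db, $cookie);
    $safe   = lookup_session_safe($db, $cookie);
    printf("%-8s unsafe=%s safe=%s\n", $label,
        $unsafe ? $unsafe['username'] : 'none',
        $safe ? $safe['username'] : 'none');
}
```

With the crafted value, the concatenated query matches a session row even though no such session id exists, while the validated and parameterized lookup returns nothing.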


 

Copyright 2010, SecurityFocus