MiniTwitter Security Bypass and SQL Injection Vulnerabilities

MiniTwitter is prone to a security-bypass vulnerability and an SQL-injection issue.

Exploiting the security-bypass issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The attacker can exploit the SQL-injection issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This may compromise the application and may aid in further attacks.

MiniTwitter 0.2 Beta is vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus