Wallpaper Website wallpaper.php SQL injection
wallpaperwebsite-wallpaper-sql-injection (30528)
Description:
Wallpaper Website is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the wallpaper.php, dlwallpaper.php, or process.php script using the wallpaperid, login, or password parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
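For defenders reviewing web server logs, the following added example (not part of the original advisory or the vendor's code) flags requests to the scripts and parameters named above whose values fail a simple check. It assumes combined-format access logs, a numeric wallpaperid, and a heuristic pattern for the login and password values; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameters the advisory names as injectable (CVE-2006-6214, CVE-2006-6215).
AFFECTED = {
    "wallpaper.php": ("wallpaperid",),
    "dlwallpaper.php": ("wallpaperid",),
    "process.php": ("login", "password"),
}
# Assumption: wallpaperid is a numeric record id, so any non-digit value is suspect.
NUMERIC = re.compile(r"\d+")
# Heuristic (assumption): quotes, semicolons, comment markers, UNION/SELECT in credentials.
SQL_META = re.compile(r"['\";]|--|/\*|\b(?:union|select)\b", re.I)
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return (script, param) pairs in url whose value fails the check for that parameter."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    query = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes values
    hits = []
    for param in AFFECTED.get(script, ()):
        for value in query.get(param, []):
            numeric = param == "wallpaperid"
            if (not NUMERIC.fullmatch(value)) if numeric else SQL_META.search(value):
                hits.append((script, param))
    return hits

def scan(lines):
    """Return (line_number, script, param) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings.extend((number, s, p) for s, p in suspicious_params(match.group(1)))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /wallpaper.php?wallpaperid=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2007:10:00:05 +0000] "GET /wallpaper.php?wallpaperid=12%27 HTTP/1.1" 200 312',
    '192.0.2.11 - - [01/Jan/2007:10:00:09 +0000] "GET /dlwallpaper.php?wallpaperid=7+OR+1 HTTP/1.1" 200 298',
    '192.0.2.12 - - [01/Jan/2007:10:01:00 +0000] "GET /process.php?login=bob&password=x%27%3B HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2007:10:02:00 +0000] "GET /index.php?wallpaperid=12%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

If process.php receives login and password in a POST body, they will not appear in the access log, so the same checks would have to run where the request body is visible.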
Platforms Affected:
- EasySiteNetwork, Wallpaper Website 1.0.09
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Data Manipulation
References:
- EasySiteNetwork Web site, Wallpaper Website at http://www.easysitenetwork.com/modules.php?name=Content&pa=showpage&pid=7.
- BID-21274: Wallpaper Complete Website Wallpaper.PHP SQL Injection Vulnerability
- CVE-2006-6214: SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.
- CVE-2006-6215: Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.
- SA23084: Wallpaper Website Multiple SQL Injections
- VUPEN/ADV-2006-4687: Wallpaper Website Multiple Parameter Remote SQL Query Injection Vulnerabilities
Reported:
Nov 23, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
