Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ClipBucket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-5849 - Vulnerability Database
ClipBucket

ClipBucket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-5849

High
Reference: CVE-2012-5849
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-5849
Title: ClipBucket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php id parameter in a (2) share_object (3) add_to_fav (4) rating or (5) flag_object action to ajax.php cid parameter in an (6) add_new_item (7) remove_collection_item (8) get_item or (9) load_more_items action to ajax.php (10) ci_id parameter in a get_item action to ajax.php user parameter to (11) user_contacts.php or (12) view_channel.php (13) pid parameter to view_page.php (14) tid parameter to view_topic.php or (15) v parameter to watch_video.php.