AdRotate library/clicktracker.php track Parameter SQL Injection

This exploit is Copyright (C) 2007-2017 DSquare Security, LLC.


Description: AdRotate contains a flaw that may allow carrying out an SQL injection attack.The issue is due to the library/clicktracker.php script not properly sanitizing user-supplied input to the 'track' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Family: SQL Injection
Bugtraq ID: BID-65709
CVE ID: CVE-2014-1854
VULNDB ID: VULNDB-103578

Back to Exploits

Share :   Facebook   Twitter   Google+