Hot Links SQL 3 (CGI version): SQL Injection Vulnerability

Users of Hot Links SQL (CGI version) please be advised of a SQL injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

EV0141: report.cgi SQL inj in Hot Links SQL (CGI version)
Software: Hot Links SQL 3
Type: SQL injection
——–Description——–
SQL injection found in id parameter of report.cgi script. This can be used to make any SQL query by injecting arbitrary
SQL code.
This vulnerability found in CGI version of Hot Links SQL 3.

Read more at http://www.criticalwatch.com

 

Advertisements