Easy Banner Free: SQL Injection Vulnerability

Users of Easy Banner Free please be advised of a SQL injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

EV0147: [EV0147] SQL injection Auth Bypass in Easy Banner Free
Software: Easy Banner Free
Type: SQL injection
——–Description——–
Vulnerability exists in member.php script.
User-defined parameters username and password are not properly sanitized against SQL injections.
This can be used to bypass authentication or execute arbitrary SQL query.

Read more at http://www.criticalwatch.com

 

Advertisements