BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Fobuc Guestbook SQL Injection Vulnerability

Disclosed: June 11, 2013 | Zeroday: 436 days

Vulnerability Description:

Fobuc Guestbook contains a SQL injection vulnerability in the “category” parameter of GET requests sent to index.php: the parameter's value is later used in a SQL query. If properly leveraged, this vulnerability may allow a remote attacker to inject SQL commands into a target database.

Vendors:

Fobuc

Vulnerable Software/Devices:

Fobuc Guestbook 0.9 and earlier versions

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

SQL Injection
A remote attacker can insert SQL commands into the value of the “category” parameter used in a query, allowing the attacker to query the database and possibly gain access to sensitive information. This may in turn be leveraged to gain access to other sensitive components of a website or publicly facing infrastructure.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19304 - Fobuc Guestbook SQL Injection Vulnerability (20130612) (Zero-Day) 

Mitigation:

No mitigation is currently available. 

Links:

CVE(s):

None