Redaxscript SQL Injection Vulnerability Network Vulnerability

Summary

Redaxscript is prone to a SQL injection vulnerability.

Impact

An unauthenticated attacker might execute arbitrary SQL commands to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Upgrade to Radexscript 2.3.0 or later.

Insight

The search_post function in includes/search.php is prone to an SQL injection vulnerability in the search_terms parameter.

Affected

Radexscript 2.2.0

Detection

Check the version or if no version detected try to perform an SQL injection.

References

http://www.exploit-db.com/exploits/36023/
http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-redaxscript-2-2-0-cms-75.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2015-1518

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability
Admbook PHP Code Injection Flaw
AlefMentor Multiple SQL Injection Vulnerabilities
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities

Take action and discover your vulnerabilities