Intrusion Prevention

PHP.Labs.Top.Auction.search.php.SQL.Injection

Description

This indicates a possible attempt to exploit a SQL injection vulnerability in Top Auction. The issue is due to the search.php script not properly sanitizing user-supplied input to the "searchterm" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
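
As an added illustration (not Top Auction's code and not part of the original advisory), the PHP below contrasts a search query built by concatenating "searchterm" with one that binds it as a parameter and escapes LIKE wildcards. The items table, the sample rows, the function names and the use of PDO with its SQLite driver are assumptions made for the example.

```php
<?php
// Added illustration: schema, data and function names are hypothetical,
// not taken from Top Auction's search.php.

// Vulnerable pattern: "searchterm" is concatenated into the SQL text,
// so quote characters in the input change the query's structure.
function search_unsafe(PDO $db, string $searchterm): array
{
    $sql = "SELECT id, title FROM items WHERE title LIKE '%" . $searchterm . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Escape LIKE metacharacters ('!' is the escape character, so it goes first)
// so that the term is matched literally.
function escape_like(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Hardened form: the input reaches the database only as a bound parameter.
function search_safe(PDO $db, string $searchterm): array
{
    if (strlen($searchterm) > 100) {
        throw new InvalidArgumentException('searchterm too long');
    }
    $stmt = $db->prepare(
        "SELECT id, title FROM items WHERE title LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . escape_like($searchterm) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO items (title) VALUES
    ('Collector''s watch'), ('50% off lamp'), ('Desk lamp')");

// A legitimate term containing an apostrophe breaks the concatenated query...
try {
    search_unsafe($db, "Collector's");
} catch (PDOException $e) {
    echo "unsafe: query failed because the input altered the SQL text\n";
}
// ...while the bound parameter is handled purely as data.
print_r(search_safe($db, "Collector's"));
print_r(search_safe($db, '50%'));
```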

Affected Products

Top Auction (www.phplabs.com).

Impact

Data compromise.

Recommended Actions

Apply the appropriate patch from the vendor, if available.
