Intrusion Prevention

Softbiz.referfriend.sbresid.SQL.Injection

Description

This indicates a possible attempt of an SQL Injection attack against the Softbiz Resource Repository Script.
Softbiz Resource Repository Script contains a programming flaw that may allow an attacker to carry out an SQL injection attack. The problem is in the refer_friend.php script. It does not properly sanitize user-supplied input to the sbres_id variable. A succesful exploit can allow an attacker to execute SQL queries into the database.

Affected Products

Softbiz Resource Repository Script 1.1.

Impact

Compromise of the Database.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.