Intrusion Prevention

PHP.mailarticle.php.ID.Parameter.SQL.Injection

Description

It indicates a possible exploit of a SQL injection vulnerability in Clever Copy.
This flaw is due to an input validation error in the "mailarticle.php" script that does not properly validate the "ID" parameter before being used in SQL statements. It may be exploited by malicious people to conduct SQL injection attacks, to bypass the authentication procedures and gain unauthorized access to the application.

Affected Products

Clever Copy version 3.0 and prior

Impact

The execution of arbitrary SQL commands on the system.

Recommended Actions

Upgrade to the latest version of the vulnerable software.

CVE References

CVE-2006-0583