SQL Injection Vulnerability in iTechClassifieds by iTech Solutions
CVE-2014-100020

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Itechclassifieds
Vendor: CVE Published:; 13 January 2015

🔔 Create Itechscripts Vulnerability Alert

What is CVE-2014-100020?

A SQL injection flaw exists in ChangeEmail.php within iTechClassifieds version 3.03.057, enabling remote attackers to execute arbitrary SQL queries through the PreviewNum parameter. This vulnerability compromises the application's database integrity and may lead to unauthorized data access. It's notable that the CatID parameter's vulnerabilities have been previously documented and are not covered by this description.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90683

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/65089

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/31140

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015