• IDP Daily Update #1278
  posted: 10/07/08
  
• NSM Daily Update #1278
  posted: 10/07/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1278
  posted: 10/07/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1274
  posted: 10/07/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 10/07/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: XOOPS Recette 'detail.php' SQL Injection Vulnerability

Severity: MODERATE

Description:

Recette is a XOOPS module for managing cookbooks. It is implemented in PHP.

The application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data to the 'id' parameter of the 'detail.php' script before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Recette 2.2 is vulnerable to this issue; other versions may also be affected.

Affected Products:

• Xoops Recette 2.2

References:

• XOOPS: XOOPS Homepage
• XOOPS: XOOPS Recette Homepage