This can lead to the disclosure of private information and data manipulation.

BACKCLICK Professional 5.9.63 is vulnerable to SQL injection. Attackers can inject arbitrary SQL queries into the application to cause database corruption or gain access to private data.

Possible vectors for SQL injection include posting/retrieving data via URL, email, HTTP requests, etc.

CVE-2018-1101: A cross-site scripting issue was found in BACKCLICK Professional 5.9.63. An attacker can inject malicious code into the application to steal data or perform phishing attacks.

CVE-2018-1102: A SQL injection issue was found in BACKCLICK Professional 5.9.63. Attackers can inject arbitrary SQL queries into the application to cause database corruption or gain access to private data.

CVE-2018-1103: An information exposure issue was found in BACKCLICK Professional 5.9.63. Data can be accessed by third parties by manipulating the data during signup.

CVE-2018-1104: An XSS issue was found in BACKCLICK Professional 5.9.63. An attacker can inject malicious code into the application to steal data or perform phishing attacks.

CVE-2018-1105 Vulnerability found in BACKCLICK Professional 5.9.63, a

SQL injection in BACKCLICK Professional 5.9.63

The vulnerable code is located in the addtask function that handles task creation and editing. This attack could be carried out on a targeted user utilizing the admin panel of the application.

Timeline

Published on: 11/16/2022 22:15:00 UTC
Last modified on: 11/21/2022 17:54:00 UTC

References