Handshakes Professional version 4.1 suffers from a remote SQL injection vulnerability.
35b955a7d870227ad43152ccc8657154fedddb89d144cf08d642e76d7ee49ada
HTTPCS Advisory : HTTPCS70
Product : Handshakes Professional
Version : 4.1
Date : 2012-10-01
Criticality level : Highly Critical
Description : A vulnerability has been discovered in Handshakes Professional,
which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the 'frm_id' parameter to '/index.php' is not properly
sanitised before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Page : /index.php
Variables : page=forum&section=forum&frm_id=[VulnHTTPCS]
Type : SQLI
Method : GET
Solution :
References : https://www.httpcs.com/advisory/httpcs70
Credit : HTTPCS [Web Vulnerability Scanner]
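
A detection sketch for the request described above, added here as an example and not part of the HTTPCS advisory or the product's code: it scans web-server access logs for GET requests to /index.php whose frm_id value is not a plain integer. The log lines are constructed samples, and the rule that a forum id is a short decimal integer is an assumption, as are the function and constant names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2012:10:00:01 +0000] "GET /index.php?page=forum&section=forum&frm_id=7 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Oct/2012:10:00:05 +0000] "GET /index.php?page=forum&section=forum&frm_id=7%27 HTTP/1.1" 200 312
192.0.2.12 - - [01/Oct/2012:10:00:09 +0000] "GET /index.php?page=home HTTP/1.1" 200 4096
192.0.2.13 - - [01/Oct/2012:10:00:12 +0000] "GET /index.php?page=forum&section=forum&frm_id=3&frm_id=x HTTP/1.1" 200 300
192.0.2.14 - - [01/Oct/2012:10:00:15 +0000] "GET /about.php?frm_id=abc HTTP/1.1" 200 100
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# Assumption: a legitimate forum id is a short decimal integer.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_frm_id(log_text):
    """Return (client_ip, decoded_value) for GET /index.php requests
    whose frm_id parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, method, target = m.groups()
        url = urlsplit(target)
        # The advisory names GET requests to /index.php only.
        if method != "GET" or url.path != "/index.php":
            continue
        # parse_qs percent-decodes values and keeps repeated parameters as a list,
        # so a second frm_id appended to the query is checked as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("frm_id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_frm_id(SAMPLE_LOG):
        print(f"{client} sent non-numeric frm_id={value!r}")
```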