vAuthenticate multiple SQL injection vulnerabilities
Multiple vulnerabilities have been discovered in vAuthenticate, which can be exploited by malicious users and malicious people to conduct SQL injection attacks, according to Secunia,
1. Input passed to the “username” and “password” POST parameters in vAuthenticate.php is not properly sanitised before being used in the “authenticate()” function (auth.php) in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2. Input passed to the “USERNAME” and “PASSWORD” cookie parameters in e.g. admin/index.php is not properly sanitised before being used in the “page_check()” function (auth.php) in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3. Input passed to the “USERNAME” and “PASSWORD” cookie parameters in chgpwd.php (when “submit” is set) is not properly sanitised before being used in a SQL query. This can be exploited by malicious users to manipulate SQL queries by injecting arbitrary SQL code.
NOTE: This can be exploited in combination with vulnerability #2.
4. Input passed to the “newpasswd” POST parameter in chgpwd.php (when “submit” is set) is not properly sanitised before being used in a SQL query. This can be exploited by malicious users to manipulate SQL queries by injecting arbitrary SQL code.
NOTE: This can be exploited in combination with vulnerability #3.
The vulnerabilities are confirmed in version 3.0.1. Other versions may also be affected.
Solution: Edit the source code to ensure that input is properly sanitized.