Description
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BugReport.IR · text · webapps · php
https://www.exploit-db.com/exploits/5733
References (6)
Core References
Various Sources x_refsource_misc
http://www.bugreport.ir/39/exploit.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/46228
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42866
Various Sources x_refsource_misc
http://www.bugreport.ir/index_39.htm
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30501
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29524
Scores
EPSS
0.0029
EPSS Percentile
52.7%
Details
CWE
CWE-89
Status
published
Products (1)
quickersite/quickersite
1.8.5
Published
Apr 08, 2009
Tracked Since
Feb 18, 2026