Description
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
Exploits (1)
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/36306/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534816/100/0/threaded
Exploit x_refsource_misc
http://packetstormsecurity.com/files/130696/Betster-1.0.4-SQL-Injection-Authentication-Bypass.html
Scores
EPSS
0.0094
EPSS Percentile
76.4%
Details
CWE
CWE-89
Status
published
Products (1)
betster_project/betster
1.0.4
Published
Mar 12, 2015
Tracked Since
Feb 18, 2026