Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities

Web Technology Wire


Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities

Exploit Title: Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Security Vulnerabilities

Product: phpVID

Vendor: Vastal I-tech

Vulnerable Versions: 1.2.3 0.9.9

Tested Version: 1.2.3 0.9.9

Advisory Publication: March 10, 2015

Latest Update: March 10, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:


Vastal I-tech

Product & Vulnerable Versions:




Vendor URL & Download:

phpVID can be bought from here,

Product Introduction:

“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like The features include…

View original post 271 more words

About essaybeans

Getting realistic and idealistic at the same time.
This entry was posted in Computer & Web Technology and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s