SimpGB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'guestbook.php' script not properly sanitizing user-supplied input to the 'quote' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Upgrade to version 1.35.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Discovery of this vulnerability is credited to visus.
SimpGB SimpGB 1.0
SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a SQL query.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
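As an added illustration (not SimpGB's own code; the guestbook table, its `author` column and the sample rows are constructed assumptions), the following Python/sqlite3 script shows the flaw class both descriptions above name, user input concatenated into the query text, next to the parameterized form that removes it. A crafted value changes the query's logic in the vulnerable version, and an ordinary value containing an apostrophe breaks it outright, while the bound-parameter version treats both as plain data:

```python
import sqlite3

# Constructed sample data for this example; not SimpGB's real schema or content.
SAMPLE_ROWS = [
    (1, "alice", "Nice site!"),
    (2, "bob", "Hello from bob"),
    (3, "carol", "See you at the meetup"),
    (4, "o'brien", "Name with an apostrophe"),
]


def make_db():
    """Build an in-memory guestbook table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, message TEXT)"
    )
    conn.executemany("INSERT INTO guestbook VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, quote):
    """The flaw class from the advisory: the 'quote' value is spliced into the
    SQL text, so any quote character in it becomes query syntax rather than data."""
    sql = "SELECT id, author, message FROM guestbook WHERE author = '%s'" % quote
    return conn.execute(sql).fetchall()


def lookup_safe(conn, quote):
    """Hardened form: a bound parameter. The driver transmits the value
    separately from the statement, so its contents can never alter the query."""
    sql = "SELECT id, author, message FROM guestbook WHERE author = ?"
    return conn.execute(sql, (quote,)).fetchall()


def compare(conn, quote):
    """Run both versions on the same input and summarise the difference.
    The vulnerable form raises a syntax error on a legitimate apostrophe,
    which is recorded as "error" instead of a row count."""
    try:
        vulnerable = len(lookup_vulnerable(conn, quote))
    except sqlite3.OperationalError:
        vulnerable = "error"
    return {"vulnerable_rows": vulnerable, "safe_rows": len(lookup_safe(conn, quote))}


if __name__ == "__main__":
    db = make_db()
    for value in ("bob", "o'brien", "' OR '1'='1"):
        print(repr(value), compare(db, value))
```

The fix is the same in PHP as in this example: pass the `quote` value to a prepared statement (PDO or mysqli with bound parameters) rather than building the query string by concatenation; escaping alone is a fragile substitute.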
It is reported that the vendor has addressed this vulnerability; however, this is not confirmed. Customers are advised to contact the vendor regarding obtaining and applying an appropriate update.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.