securityvulns SECURITYVULNS:DOC:12581
May 09, 2006 - 12:00 a.m.

Creative Community Portal vuln.


###############################################
Vuln. discovered by : r0t (Pridels Sec Crew)
Date: 8 May 2006
Vendor: www.creative-software.co.uk/community2.html
Affected versions: 1.1 and prior
Original advisory: http://pridels.blogspot.com/2006/05/creative-community-portal-vuln.html
###############################################

Vuln. Description:

Creative Community Portal contains multiple flaws that allow remote
SQL injection attacks. Input passed to the following parameters isn't
properly sanitised before being used in a SQL query:

- "forum_id" in "DiscView.php" and "Discussions.php"
- "article_id" in "ArticleView.php"
- "event_id" in "EventView.php"
- "answer_id" and "AddVote" in "PollResults.php"
- "mid" in "DiscReply.php"
- "prod_id" in "cart.php" and "product_info.php"

This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Examples:

/ArticleView.php?article_id=[SQL]
/DiscView.php?mid=144&forum_id=[SQL]
/Discussions.php?forum_id=[SQL]
/EventView.php?event_id=[SQL]
/PollResults.php?answer_id=32&AddVote=[SQL]
/PollResults.php?answer_id=[SQL]
/DiscReply.php?forum_id=1&mid=[SQL]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
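
For triage on a site that ran an affected version, the script below is an added example (not part of the advisory or the vendor's code) that flags access-log requests in which one of the parameters listed above carries a non-numeric value. It assumes those parameters are integer IDs, as the sample values in the advisory suggest, and that logs use the Apache common/combined format; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script -> parameters named in the advisory (script names matched case-insensitively).
AFFECTED = {
    "discview.php": {"forum_id"},
    "discussions.php": {"forum_id"},
    "articleview.php": {"article_id"},
    "eventview.php": {"event_id"},
    "pollresults.php": {"answer_id", "AddVote"},
    "discreply.php": {"mid"},
    "cart.php": {"prod_id"},
    "product_info.php": {"prod_id"},
}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Assumption: every affected parameter is a plain integer identifier.
NUMERIC_RE = re.compile(r"[0-9]{1,10}")

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2006:10:01:02 +0000] "GET /ArticleView.php?article_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/May/2006:10:01:09 +0000] "GET /DiscView.php?mid=144&forum_id=7%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [09/May/2006:10:01:15 +0000] "GET /PollResults.php?answer_id=32&AddVote=x%20y HTTP/1.1" 200 2048',
    '192.0.2.10 - - [09/May/2006:10:02:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 900',
]

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for non-numeric affected parameters."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    watched = AFFECTED.get(script, ())
    hits = []
    # parse_qsl percent-decodes values, so encoded quotes and spaces are seen as-is.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in watched and not NUMERIC_RE.fullmatch(value):
            hits.append((script, name, value))
    return hits

def triage(lines):
    """Collect every flagged parameter across an iterable of log lines."""
    return [hit for line in lines for hit in suspicious_params(line)]

if __name__ == "__main__":
    for script, param, value in triage(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```

Only query-string parameters are visible in access logs, so values sent in POST bodies are not covered by this check.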