Category:   Application (Generic)  >   socialMPN Vendors:
socialMPN Input Validation Holes Permit SQL Injection Attacks
SecurityTracker Alert ID:  1014214
SecurityTracker URL:
CVE Reference:   CVE-2005-2031   (Links to External Site)
Updated:  Jul 17 2008
Original Entry Date:  Jun 16 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  

Description:   LINUX from reported several vulnerabilities in socialMPN. A remote user can inject SQL commands. A remote user can also determine the installation path.

The software does not properly validate user-supplied input in several variables. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

Some of these exploit examples may also cause the system to disclose the installation path.
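
Added example (not part of the original advisory and not socialMPN code): since no fix was available, one way to spot probes of this kind is to scan web server access logs for SQL metacharacters in query parameters. The script path /page.php, the parameter name "user", the sample log lines, and the treatment of aftersid as a numeric id are assumptions made for the example; the pattern match is a heuristic and can flag benign values.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic: quote, SQL comment openers, UNION/SELECT in a decoded value.
SQL_META = re.compile(r"'|--|/\*|\b(?:union|select)\b", re.IGNORECASE)
# Assumption: aftersid is a numeric id (the advisory shows aftersid=380).
NUMERIC_PARAMS = {"aftersid"}
# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def check_query(target):
    """Return (param, reason) pairs for suspicious query parameters."""
    findings = []
    # parse_qsl percent-decodes, so %27 is seen as a literal quote.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS:
            if not re.fullmatch(r"[0-9]+", value):
                findings.append((name, "non-numeric id"))
        elif SQL_META.search(value):
            findings.append((name, "SQL metacharacter"))
    return findings


def scan(log_lines):
    """Return (line_number, findings) for each log line with a finding."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings = check_query(match.group(1))
            if findings:
                hits.append((lineno, findings))
    return hits


# Constructed sample log lines; /page.php and "user" are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jun/2005:10:00:01 +0000] "GET /page.php?op=show&aftersid=380 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Jun/2005:10:00:07 +0000] "GET /page.php?user=a%27&pass=1&op=login HTTP/1.1" 200 812',
    '192.0.2.44 - - [16/Jun/2005:10:00:09 +0000] "GET /page.php?password=\'&op=show&aftersid=380 HTTP/1.1" 200 790',
    '192.0.2.44 - - [16/Jun/2005:10:00:12 +0000] "GET /page.php?op=show&aftersid=380%27 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, findings)
```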

Impact:   A remote user can execute SQL commands on the underlying database.

A remote user can determine the installation path.

Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Social MPN sql injection and full path disclosure

--  Security  --
Program:  Social MPN
Vulnerable Versions: all
Risk: high
Impact: sql injection and full path disclosure, attacker may execute
arbitrary SQL statements on the vulnerable system.
This may compromise the integrity of your database and expose
sensitive information.

                     -== ==-

- Description

Social MPN is a myPHPNuke-like CMS.  SocialMPN The biggest change to
the system is the multi-site functionality we have incorporated into
the package. This allows you to run multiple websites from one install
of SocialMPN.
This can range from completely separate domains (ie:,,
to an all inclusive site with user owned sections, or based on
sub-domains,,,, (wild cards must be
enabled on the server for


Tested with these query variables'&pass=1&op=login'&password='&op=show&aftersid=380


- Credits
Discovered by LINUX <> #shell #uruguay 

- Greets
HaCkZataN, Ali, Waraxe (all waraxe forum members), Slimjim100, erg0t, b04,
beford, Mafia Boy (all Gigachat Irc people), .ru crew friends
