Primary

Context

XooDigital SQL Injection Vulnerability in Results.php

Vulnerability

A SQL injection vulnerability has been identified in XooDigital Latest, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. This vulnerability exists in the results.php file, where attackers can send GET requests with malicious 'p' values to extract sensitive database information.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to results.php with a crafted 'p' parameter that includes SQL injection payloads. The injected SQL code will be executed by the database, allowing extraction or manipulation of database information.

Added: Mar 12, 2026, 4:34 PM

Updated: Mar 12, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XooDigital SQL Injection Vulnerability in Results.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating