Dir2web - '/system/src/dispatcher.php?oid' SQL Injection

Author: Daniel Correa
type: webapps
platform: php
port: 
date_added: 2012-08-07 
date_updated: 2015-07-13 
verified: 1 
codes: CVE-2012-4070;OSVDB-84745 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/54845/info

Dir2web is prone to multiple security vulnerabilities, including an SQL-Injection vulnerability and an information-disclosure vulnerability.

Successfully exploiting these issues allows remote attackers to compromise the software, retrieve information, modify data, disclose sensitive information, or gain unauthorized access; other attacks are also possible.

Dir2web versions 3.0 is vulnerable; other versions may also be affected.

http://www.example.com/index.php?wpid=homepage&oid=6a303a0aaa' OR id > 0-- -