CVE-2010-4143

medium

Published 2010-11-02 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.8

Description

SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-15284 webapps php text · 1 KB

Salvatore Fresta · 2010-10-19

phpCheckZ 1.1.0 - Blind SQL Injection

text exploit Source: Exploit-DB

phpCheckZ 1.1.0 Blind SQL Injection Vulnerability

 Name              phpCheckZ
 Vendor            http://www.phpcheckz.com
 Versions Affected 1.1.0

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-10-19

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 

I. ABOUT THE APPLICATION
________________________

phpCheckZ is a web application that allows you to  easily
create checklists for your website. 


II. DESCRIPTION
_______________

A parameter is not properly sanitised  before  being used
in a SQL query.


III. ANALYSIS
_____________

Summary:

 A) Blind SQL Injection
 

A) Blind SQL Injection
______________________

The parameters id in chart.php is  not properly sanitised
before being used in a SQL  query. This  can be exploited
to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation  requires that "magic_quotes_gpc"
is disabled. 


IV. SAMPLE CODE
_______________

A) Blind SQL Injection

http://site/path/chart.php?id=1' AND '1'='1
http://site/path/chart.php?id=1' AND '1'='0


V. FIX
______

No fix.

Application impact

Vendor	Product	Versions	Fixed
phpcheckz	phpcheckz	`1.1.0`

References

CWEs

CWE-89

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.