14 DAY TRIAL // Researchers from the Vulnerability Lab found an SQL Injection vulnerability in Facebook Game Store that could allow an attacker to remotely inject and execute SQL commands.
The application that contains the security hole is managed by a third party and it’s sponsored by the Facebook Game Store Development Team.
The high-severity flaw was disclosed to the vendor and the developer on February 2 and was disclosed publicly on February 4, but there is no indication if the issue has been addressed.
Vulnerabilities found on Facebook pages are rare, but considering the social network site’s large number of customers their existence could have serious consequences.
Lately, Vulnerability Lab experts have found a lot of security bugs in major websites, the most important ones being those identified in Kaspersky Anti-Virus and Internet Security 2012, Dusseldorf International Airport and a number of other high-profile sites such as Google, Forbes, Myspace, MTV and Ferrari.