|
|
Family: CGI abuses --> Category: attack
ADODB sql Parameter SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for sql parameter SQL injection vulnerability in ADODB
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has a PHP script that is affected by a SQL
injection flaw.
Description :
The remote host is running ADODB, a database abstraction library for
PHP.
The installed version of ADODB includes a test script named
'server.php' that fails to sanitize user input to the 'sql' parameter
before using it in database queries. A possible hacker can exploit this
issue to launch SQL injection attacks against the underlying database.
See also :
http://secunia.com/secunia_research/2005-64/advisory/
Solution :
Remove the test script or set a root password for MySQL.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
