|
|
Family: CGI abuses --> Category: attack
DUware iType Parameter SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for iType parameter SQL injection vulnerability in DUware
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has an ASP application that is affected by a SQL
injection flaw.
Description :
The remote host is running an ASP application from DUware such as
DUamazon, DUarticle, DUclassified, DUdirectory, DUdownload, DUgallery,
DUnews or DUpaypal.
The installed version of that application does not validate input to
the 'iType' parameter of the 'inc_type.asp' script before using it in
a database query. A possible hacker may be able to leverage this issue to
manipulate SQL queries.
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
