Family: CGI abuses --> Category: attack
Exhibit Engine list.php SQL Injection Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in Exhibit Engine's list.php
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is vulnerable to
SQL injection attacks.
The remote host is running Exhibit Engine, a web-based photo gallery
written in PHP.
The version installed on the remote host suffers from a SQL injection
vulnerability due to its failure to sanitize user-supplied input to
various parameters of the 'list.php' script. An attacker can exploit
these flaws to inject arbitrary SQL statements into the affected
application, possibly even reading arbitrary database entries.
See also :
Upgrade if necessary to EE 1.5RC4 and apply the patched
'slashwork.php' script referenced in the second URL above.
Medium / CVSS Base Score : 5