Family: CGI abuses --> Category: infos
INL ulog-php SQL injection Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of a SQL injection vulnerability in ulog
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is vulnerable to SQL
The remote host is running ulog-php, a firewall log analysis interface
written in PHP.
There is a SQL injection vulnerability in the remote interface, in the
'port.php' script that may allow a possible hacker to insert arbitrary SQL
statements into the remote database. A possible hacker may exploit this
flaw to add bogus statements to the remote log database or to remove
arbitrary log entries from the database, thus clearing his tracks.
Upgrade to ulog-php 0.8.2 or later.
Medium / CVSS Base Score : 5
Click HERE for more information and discussions on this network vulnerability scan.