|
Family: CGI abuses --> Category: infos
INL ulog-php SQL injection Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of a SQL injection vulnerability in ulog
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is vulnerable to SQL
injection attacks.
Description :
The remote host is running ulog-php, a firewall log analysis interface
written in PHP.
There is a SQL injection vulnerability in the remote interface, in the
'port.php' script that may allow a possible hacker to insert arbitrary SQL
statements into the remote database. A possible hacker may exploit this
flaw to add bogus statements to the remote log database or to remove
arbitrary log entries from the database, thus clearing his tracks.
Solution :
Upgrade to ulog-php 0.8.2 or later.
Risk factor:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|