|
Family: CGI abuses --> Category: attack
Invision Community Blog Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for multiple input validation vulnerabilities in Invision Community Blog
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application is vulnerable to
multiple attacks.
Description :
The remote host is running Invision Community Blog, a test for
Invision Power Board that lets users have their own blogs.
The version installed on the remote host fails to properly sanitize
user-supplied data making it prone to multiple SQL injection and
cross-site scripting vulnerabilities. These flaws may allow an
attacker to gain access to sensitive information such as passwords and
cookie data.
See also :
http://www.gulftech.org/?node=research&article_id=00078-06072005
Solution :
Upgrade to Invision Community Blog 1.1.2 Final or greater.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|