Family: CGI abuses --> Category: attack
Invision Gallery st Parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for st parameter SQL injection vulnerability in Invision Gallery
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by a SQL
The remote host is running Invision Gallery, a community-based photo
gallery plugin for Invision Power Board.
The version of Invision Gallery installed on the remote host fails to
properly sanitize user-supplied input to the 'st' parameter of the
'index.php' script before using it in database queries. An attacker
may be able to leverage this issue to expose or modify sensitive data
or launch attacks against the underlying database.
See also :
Apply the patch referenced in the vendor advisory above.
Medium / CVSS Base Score : 4