Family: CGI abuses --> Category: attack
LifeType articleId Parameter SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to exploit SQL injection issue in LifeType
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to SQL
The remote host is running LifeType, an open-source blogging platform
written in PHP.
The version of LifeType installed on the remote host fails to sanitize
user-supplied input to the 'articleId' parameter of the 'index.php'
script before using it to construct database queries. Regardless of
PHP's 'magic_quotes_gpc' setting, an unauthenticated attacker can
exploit this flaw to manipulate database queries and, for example,
recover the administrator's password hash.
Upgrade to LifeType version 1.0.5 or later.
High / CVSS Base Score : 7.0