Family: CGI abuses --> Category: attack
LifeType date Parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Tries to exploit a SQL injection issue in LifeType
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a SQL
The remote host is running LifeType, an open-source blogging platform
written in PHP.
The version of LifeType installed on the remote host fails to sanitize
user-supplied input to the 'date' parameter of the 'index.php' script
before using it to construct database queries. Regardless of PHP's
'magic_quotes_gpc' setting, an unauthenticated attacker can exploit
this flaw to manipulate database queries and, for example, recover the
administrator's password hash.
See also :
Unknown at this time.
High / CVSS Base Score : 7.0