Family: CGI abuses --> Category: infos
PHPNews sendtofriend.php SQL injection Vulnerability Scan
Vulnerability Scan Summary
Makes a request to the remote host, supplying the 'mid' parameter in the URL.
Detailed Explanation for this Vulnerability Test
The remote host is using PHPNews, an open source news application.
It uses a database to store its content.
A vulnerability exists in the remote version of this software
which may allow an attacker to inject arbitrary SQL code and
possibly execute arbitrary code, due to improper validation of
user-supplied input in the 'mid' parameter of the script
'sendtofriend.php'.
Solution: Upgrade to version 1.2.4 of this software.
Threat Level: High