Family: CGI abuses --> Category: attack
PaFileDB pafiledbcookie SQL Injection Vulnerability Scan
Vulnerability Scan Summary :
Checks for pafiledbcookie SQL injection vulnerability in PaFileDB
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is susceptible to SQL
injection attacks.
Description :
The remote version of PaFileDB suffers from a flaw by which an
attacker can gain access to the application's administrative control
panel by means of a SQL injection attack via a specially-crafted
cookie.
See also :
http://www.security-project.org/projects/board/showthread.php?t=947
Solution :
Edit '$authmethod' in 'pafiledb.php' to disable cookie-based
authentication.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)