Family: CGI abuses --> Category: infos
SPIP < 1.8.2-g SQL Injection and XSS Flaws Vulnerability Scan
Vulnerability Scan Summary
Checks for SPIP SQL injection flaw
Detailed Explanation for this Vulnerability Test
The remote web server has a PHP application that is affected by
The remote host is running SPIP, an open-source CMS written in PHP.
The remote version of this software is prone to SQL injection and
cross site scripting attacks. A possible hacker could send specially
crafted URL to modify SQL requests, for example, to obtain the admin
password hash, or execute malicious script code on the remote system.
See also :
Upgrade to SPIP version 1.8.2-g or later.
High / CVSS Base Score : 7.0
Click HERE for more information and discussions on this network vulnerability scan.