Family: CGI abuses --> Category: infos
WebCalendar SQL Injection Vulnerability Scan
Vulnerability Scan Summary: Sends a malformed cookie to the remote host
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has a PHP script that is affected by a SQL
injection flaw.
Description :
The remote version of WebCalendar is affected by a SQL injection
vulnerability that may allow an attacker to execute arbitrary SQL
statements against the remote database. An attacker may be able to
leverage this issue to, for example, delete arbitrary database tables.
See also :
http://www.scovettalabs.com/advisory/SCL-2005.001.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=110868446431706&w=2
Solution :
Upgrade to WebCalendar 0.9.5 or later.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:N/A:P/I:P/B:N)