Family: CGI abuses --> Category: attack
phpWebSite Search Module SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detects search module SQL injection vulnerability in phpWebSite
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to SQL
The remote host is running a version of phpWebSite that fails to
sanitize user-supplied input to the 'module' parameter of the 'search'
module before using it in database queries. A possible hacker may be able to
exploit this issue to obtain sensitive information such as user names
and password hashes or to launch attacks against the database.
See also :
Apply the security patch referenced in the vendor's advisory or upgrade
to phpWebSite 0.10.2 or later.
High / CVSS Base Score : 7.0
Click HERE for more information and discussions on this network vulnerability scan.