Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

phpWebThings forum Parameter SQL Injection Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Check if phpWebThings is vulnerable to SQL Injection attacks

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is prone to SQL
injection attacks.

Description :

The remote host is running the phpWebThings application framework.

The version of phpWebThings installed on the remote host does not
properly sanitize user input in the 'forum' and 'msg' parameters of
'forum.php' script before using it in database queries. A possible hacker
can exploit this vulnerability to display the usernames and passwords
(md5 hash) from the website and then use this information to gain
administrative access to the affected application.

See also :

Solution :

Apply the phpWebthings 1.4 forum patch referenced in the third URL

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.