Family: CGI abuses --> Category: attack
phpWebThings forum Parameter SQL Injection Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Check if phpWebThings is vulnerable to SQL Injection attacks
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to SQL
The remote host is running the phpWebThings application framework.
The version of phpWebThings installed on the remote host does not
properly sanitize user input in the 'forum' and 'msg' parameters of
the 'forum.php' script before using it in database queries. An attacker
can exploit this vulnerability to display the usernames and passwords
(MD5 hashes) from the website and then use this information to gain
administrative access to the affected application.
See also :
Apply the phpWebthings 1.4 forum patch referenced in the third URL
High / CVSS Base Score : 7.0