|
|
Family: CGI abuses --> Category: attack
ADODB do Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for do parameter command execution vulnerability in ADODB
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has a PHP script that is affected by a SQL
injection flaw.
Description :
The remote host is running ADODB, a database abstraction library for
PHP.
The installed version of ADODB includes a test script named
'tmssql.php' that fails to sanitize user input to the 'do' parameter
before using it execute PHP code. A possible hacker can exploit this issue
to execute arbitrary PHP code on the affected host subject to the
permissions of the web server user id.
See also :
http://secunia.com/secunia_research/2005-64/advisory/
http://www.nessus.org/u?540d6007
Solution :
Remove the test script or upgrade to ADOdb version 4.70 or higher.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
