|
|
Family: CGI abuses --> Category: attack
Help Center Live Multiple Vulnerabilities (2) Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities (2) in Help Center Live
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple vulnerabilities.
Description :
The remote host is running Help Center Live, a help desk written in
PHP that suffers from multiple vulnerabilities:
- Multiple SQL Injection Vulnerabilities
The application fails in many cases to sanitize user-
supplied input before using it in database queries. As
long as PHP's 'magic_quotes_gpc' setting is 'off', an
attacker can exploit these flaws to uncover sensitive
information such as user's names and password hashes.
- Multiple Cross-Site Scripting Vulnerabilities.
There are several ways that a possible hacker can inject
arbitrary HTML and script code into a user's browser
via the affected application. By exploiting them, an
attacker can not only steal cookies but also cause a
logged-in admin to perform arbitrary requests.
See also :
http://www.gulftech.org/?node=research&article_id=00076-05172005
Solution :
Contact the vendor for a patch.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:H/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
