|
|
Family: CGI abuses --> Category: attack
Invision Gallery Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in Invision Gallery
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application is vulnerable to
multiple attacks.
Description :
The remote host is running Invision Gallery, a community-based photo
gallery test for Invision Power Board.
The version installed on the remote host fails to properly sanitize
user-supplied data through several parameters, making it prone to
multiple SQL injection and cross-site scripting vulnerabilities.
These flaws may allow a possible hacker to delete images and/or albums,
discover password hashes, and even affect UPDATE database queries.
See also :
http://www.gulftech.org/?node=research&article_id=00079-06092005
Solution :
Upgrade to Invision Gallery 1.3.1 or greater.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
