Family: CGI abuses --> Category: attack
Invision Gallery st Parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary : Checks for st parameter SQL injection vulnerability in Invision Gallery
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a SQL
injection flaw.
Description :
The remote host is running Invision Gallery, a community-based photo
gallery plugin for Invision Power Board.
The version of Invision Gallery installed on the remote host fails to
properly sanitize user-supplied input to the 'st' parameter of the
'index.php' script before using it in database queries. An attacker
may be able to leverage this issue to expose or modify sensitive data
or launch attacks against the underlying database.
See also :
http://www.securityfocus.com/archive/1/415297/30/0/threaded
http://forums.invisionpower.com/index.php?showtopic=197816
Solution :
Apply the patch referenced in the vendor advisory above.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)