|
Family: CGI abuses --> Category: attack
Invision Power Board Arcade SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary Detect Invision Power Board Arcade SQL Injection
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.
Description :
The installation of Invision Power Board on the remote host includes
an optional module, named 'Arcade', that allows unauthorized users to
inject SQL commands into the remote SQL database through the 'cat'
parameter. A possible hacker may use this flaw to gain control of the
remote database and possibly to overwrite files on the remote host.
See also :
http://archives.neohapsis.com/archives/bugtraq/2004-11/0264.html
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:H/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|