Family: CGI abuses --> Category: attack
Invision Power Board Post SQL Injection Vulnerability Scan
Vulnerability Scan Summary: Detect Invision Power Board Post SQL Injection
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is vulnerable to
a SQL injection attack.
Description :
The version of Invision Power Board on the remote host suffers from a
flaw in 'sources/post.php' that allows injection of SQL commands into
the remote SQL database. An attacker may use this flaw to gain
control of the remote database and possibly to overwrite files on the
remote host.
See also :
http://archives.neohapsis.com/archives/bugtraq/2004-11/0233.html
http://forums.invisionpower.com/index.php?showtopic=154916
Solution :
Replace the 'sources/post.php' file with the one referenced in the
vendor advisory above.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)