|
Family: CGI abuses --> Category: attack
Noah's Classifieds <= 1.3 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for search page SQL injection flaw in Noah's Classifieds
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The remote host is running Noah's Classifieds, a classifieds ads
application written in PHP.
The installed version of Noah's Classifieds is reportedly affected by
numerous remote and local file include, SQL injection, cross-site
scripting, and information disclosure issues due to a general failure
of the application to sanitize user-supplied input.
Note that successful exploitation of the file include flaws requires
that PHP's 'register_globals' setting be enabled.
See also :
http://www.securityfocus.com/archive/1/425783/30/0/threaded
Solution :
Remove the application as it is no longer supported.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|