Family: CGI abuses --> Category: infos
OpenBB SQL injection Vulnerability Scan
Vulnerability Scan Summary: Tests for SQL Injection
Detailed Explanation for this Vulnerability Test
The remote host seems to be running OpenBB, a forum management
system.
There is a bug which allows an attacker to inject SQL commands
by passing a single quote (') to the CID argument of the
file index.php, as in: GET /index.php?CID='
An attacker may use this flaw to gain credentials or to modify
your database.
Solution: If the remote host is running OpenBB, upgrade to the latest version.
Threat Level: High