|
|
Family: CGI abuses --> Category: attack
PHP Support Tickets SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in PHP Support Tickets
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has a PHP application that is affected by a SQL
injection flaw.
Description :
The remote host is running PHP Support Tickets, an open-source support
ticketing system written in PHP.
The installed version of PHP Support Tickets does not validate input
to the 'username' or 'password' parameters of the 'index.php' script
before using it in a database query. A possible hacker may be able to
leverage this issue to manipulate SQL queries to, for example, bypass
authentication and gain administrative access to the affected
application.
See also :
http://www.nii.co.in/vuln/PHPSupportTickets.html
Solution :
Contact the vendor as reportedly there is a patch to fix the issue.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
