Family: CGI abuses --> Category: infos
PHPSurveyor sid SQL Injection Flaw Vulnerability Scan
Vulnerability Scan Summary :
Checks for PHPSurveyor sid SQL injection flaw
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a SQL
injection flaw.
Description:
The remote host is running PHPSurveyor, a set of PHP scripts that
interact with MySQL to develop surveys, publish surveys and collect
responses to surveys.
The remote version of this software is prone to a SQL injection flaw.
Using specially crafted requests, an attacker can manipulate database
queries on the remote system.
See also :
http://www.phpsurveyor.org/mantis/view.php?id=286
http://sourceforge.net/project/shownotes.php?release_id=381050&group_id=74605
Solution :
Upgrade to PHPSurveyor version 0.991 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)