Family: CGI abuses --> Category: infos
SPIP < 1.8.2-g SQL Injection and XSS Flaws Vulnerability Scan
Vulnerability Scan Summary: Checks for SPIP SQL injection flaw
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has a PHP application that is affected by
multiple flaws.
Description:
The remote host is running SPIP, an open-source CMS written in PHP.
The remote version of this software is prone to SQL injection and
cross-site scripting attacks. An attacker could send a specially
crafted URL to modify SQL queries, for example to obtain the admin
password hash, or to execute malicious script code on the remote system.
See also :
http://www.zone-h.org/en/advisories/read/id=8650/
http://www.securityfocus.com/archive/1/423655/30/0/threaded
http://listes.rezo.net/archives/spip-en/2006-02/msg00002.html
http://listes.rezo.net/archives/spip-en/2006-02/msg00004.html
Solution :
Upgrade to SPIP version 1.8.2-g or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)