Family: CGI abuses --> Category: attack
Serendipity SQL Injections Vulnerability Scan
Vulnerability Scan Summary: Checks for SQL injection vulnerability in Serendipity
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to SQL
injection attacks.
Description :
The remote version of Serendipity is vulnerable to SQL injection
issues due to a failure of the application to properly sanitize
user-supplied input.
An attacker may exploit this flaw to issue arbitrary statements against the
remote database, and thereby bypass authorization or even overwrite
arbitrary files on the remote system.
See also:
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
http://www.s9y.org/5.html
Solution :
Upgrade to Serendipity 0.7.0beta3 or later.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)