|
|
Family: CGI abuses --> Category: attack
UBB.threads dosearch.php SQL injection Vulnerability Scan
Vulnerability Scan Summary
SQL Injection in UBB.threads
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to
SQL injection attacks.
Description :
There is a SQL injection issue in the remote version of UBB.threads
that may allow a possible hacker to execute arbitrary SQL statements on the
remote host and potentially overwrite arbitrary files on the remote
system by sending a malformed value to the 'Name' argument of the file
'dosearch.php'.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=109839925207038&w=2
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|
