Family: CGI abuses --> Category: attack
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for SQL injection in phpMyFAQ
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
several SQL injection issues.
Description :
The version of phpMyFAQ on the remote host does not properly validate
input to the 'uin' parameter of several scripts before using it in
database queries. An unauthenticated remote attacker may be able to
leverage these issues to launch SQL injection attacks against the
affected application, and even to bypass authentication and upload
arbitrary files that can then be executed on the affected host with
the privileges of the web server user id.
See also :
http://www.phpmyfaq.de/advisory_2006-12-15.php
Solution :
Upgrade to phpMyFAQ 1.6.8 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)