Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, CERT's Network Security recovery document provides recommended steps for system recovery.




Vulnerability Assessment Details

Etomite CMS id Parameter SQL Injection

Vulnerability Assessment Summary
Tries to generate a SQL error with Etomite CMS

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.

Description:

The remote web server is running Etomite CMS, a PHP-based content
management system.

The version of Etomite CMS installed on the remote host fails to
sanitize input to the 'id' parameter before using it in the
'index.php' script in a database query. Provided PHP's
'magic_quotes_gpc' setting is disabled, an unauthenticated attacker
can exploit this issue to manipulate SQL queries, possibly leading to
disclosure of sensitive data, attacks against the underlying database,
and the like.
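As an added illustration (not Etomite's own code), the unsafe pattern the advisory describes beside a hardened version of the same lookup. The table and column names, the database credentials and the assumption that document ids are positive integers are all assumptions made for this example.

```php
<?php
// Added example, not Etomite's actual source. Table and column names,
// credentials and the integer-id rule are assumptions.
declare(strict_types=1);

// --- Vulnerable pattern: the 'id' request parameter is concatenated into
// the SQL text. With magic_quotes_gpc disabled, a quote character in the
// value closes the string literal and the rest is parsed as SQL.
// magic_quotes_gpc is not a fix: it only escapes quotes, was deprecated in
// PHP 5.3 and removed in PHP 5.4.
function lookupDocumentUnsafe(mysqli $db, string $id): ?array
{
    $sql = "SELECT id, pagetitle FROM site_content WHERE id = '" . $id . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// --- Hardened version: validate the value, then bind it as a parameter.
function lookupDocumentSafe(mysqli $db, string $id): ?array
{
    // 1. Input validation: document ids are positive integers (assumption);
    //    anything else is rejected before it reaches the database.
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $id)) {
        return null;
    }
    $idInt = (int) $id;

    // 2. Prepared statement: the value travels separately from the SQL text,
    //    so it can never alter the structure of the query.
    $stmt = $db->prepare('SELECT id, pagetitle FROM site_content WHERE id = ?');
    $stmt->bind_param('i', $idInt);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Handling a request such as index.php?id=12 (assumed credentials).
$db = new mysqli('localhost', 'etomite', 'secret', 'etomite');
$db->set_charset('utf8mb4');
$doc = lookupDocumentSafe($db, $_GET['id'] ?? '');
if ($doc === null) {
    http_response_code(404);
    exit('Document not found');
}
// Output encoding for the page body, separate from the SQL concern above.
echo htmlspecialchars($doc['pagetitle'], ENT_QUOTES, 'UTF-8');
```

The validation step alone would already block the quote-based injection the advisory describes, but the prepared statement is what makes the query safe regardless of how the validation rule evolves.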

See also :

http://www.securityfocus.com/archive/1/451838/30/0/threaded

Solution :

No patches or upgrades have been reported by the vendor at this time.

Network Security Threat Level:

Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)

Network Security ID: 21135

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Justin Seitz

