|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Exhibit Engine list.php SQL Injection Vulnerabilities Vulnerability Assessment Details
|
Exhibit Engine list.php SQL Injection Vulnerabilities |
||
Checks for SQL injection vulnerability in Exhibit Engine's list.php Detailed Explanation for this Vulnerability Assessment Summary : The remote web server contains a PHP application that is vulnerable to SQL injection attacks. Description : The remote host is running Exhibit Engine, a web-based photo gallery written in PHP. The version installed on the remote host suffers from a SQL injection vulnerability due to its failure to sanitize user-supplied input to various parameters of the 'list.php' script. A possible hacker can exploit these flaws to inject arbitrary SQL statements into the affected application, possibly even reading arbitrary database entries. See also : http://www.sec-consult.com/176.html http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0007.html http://photography-on-the.net/forum/showthread.php?p=579692 Solution : Upgrade if necessary to EE 1.5RC4 and apply the patched 'slashwork.php' script referenced in the second URL above. Network Security Threat Level: Medium / CVSS Base Score : 5 (AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N) Networks Security ID: 13844 Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security |
||
Cables, Connectors |
Macintosh Platinum Mouse - Apple 128K 512K 512Ke Mac Plus Lisa IIe M0100 - NEW
$44.99
Vintage Apple lle 128k Enhanced Computer A2S2064 Rebuilt W/ Disk Drive & more
$389.99
Apple Macintosh 128k 512k Plus Analog Board Capacitor Re-Cap Kit - US Shipping
$23.95
1984 APPLE MACINTOSH Model M0001 1st MAC 128K 40th Anniversary PICASSO KIT NICE
$4999.99
Apple Macintosh 128K M0001 Computer with 128K Label - Estate Sale SOLD AS IS
$2468.10
Apple Macintosh Mac 128K M0001 Computer 1984 w/Keyboard M0110 Mouse M0100 & Bag
$849.99
Vintage M0001 Macintosh 128 128K Computer 1984 Front Cover Nice
$79.00
Working 1984 Apple Mac Macintosh 128K M0001 - Restored/Serviced/Tested
$1381.27
Apple Macintosh 128K Parts Kit - P/N 073-0140-A
$273.60
Apple Macintosh 128K M0001 Computer with Mouse, no keyboard. Case included. 1984
$508.89
|
||
No Discussions have been posted on this vulnerability. |