|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> PHPSurveyor sid SQL Injection Flaw Vulnerability Assessment Details
|
PHPSurveyor sid SQL Injection Flaw |
||
|
Checks for PHPSurveyor sid SQL injection flaw Detailed Explanation for this Vulnerability Assessment Summary : The remote web server contains a PHP script that is affected by a SQL injection flaw. Description: The remote host is running PHPSurveyor, a set of PHP scripts that interact with MySQL to develop surveys, publish surveys and collect responses to surveys. The remote version of this software is prone to a SQL injection flaw. Using specially crafted requests, a possible hacker can manipulate database queries on the remote system. See also : http://www.phpsurveyor.org/mantis/view.php?id=286 http://sourceforge.net/project/shownotes.php?release_id=381050&group_id=74605 Solution : Upgrade to PHPSurveyor version 0.991 or later. Network Security Threat Level: High / CVSS Base Score : 7.0 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Networks Security ID: 16077 Vulnerability Assessment Copyright: This script is Copyright (C) 2006 David Maciejak |
||
|
Workstation Components, Memory |
|
||
|
No Discussions have been posted on this vulnerability. |