Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

phpMyFAQ username SQL Injection Vulnerability

Vulnerability Assessment Summary
Checks for username SQL injection vulnerability in phpMyFAQ

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that permits SQL
injection attacks.

Description :

The remote host is running a version of phpMyFAQ that fails to
sufficiently sanitize the 'username' parameter before using it in SQL
queries. As a result, a remote attacker can pass malicious input to
database queries, potentially resulting in data exposure, data
modification, or attacks against the database itself.

See also :

http://www.phpmyfaq.de/advisory_2005-03-06.php

Solution :

Upgrade to phpMyFAQ version 1.4.7 or 1.5.0 RC2 or greater.

Network Security Threat Level:

Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)

Network Security ID: 12741

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2007 Tenable Network Security
