|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> phpMyFAQ username SQL Injection Vulnerability Vulnerability Assessment Details
|
phpMyFAQ username SQL Injection Vulnerability |
||
|
Checks for username SQL injection vulnerability in phpMyFAQ Detailed Explanation for this Vulnerability Assessment Summary : The remote web server contains a PHP script that permits for SQL injection attacks. Description : The remote host is running a version of phpMyFAQ that fails to sufficiently sanitize the 'username' parameter before using it in SQL queries. As a result, a remote attacker can pass malicious input to database queries, potentially resulting in data exposure, data modification, or attacks against the database itself. See also : http://www.phpmyfaq.de/advisory_2005-03-06.php Solution : Upgrade to phpMyFAQ version 1.4.7 or 1.5.0 RC2 or greater. Network Security Threat Level: Medium / CVSS Base Score : 5 (AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N) Networks Security ID: 12741 Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2007 Tenable Network Security |
||
|
Software, Operating Systems |
|
||
|
No Discussions have been posted on this vulnerability. |