Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses : XSS >> w-Agora Multiple Input Validation Vulnerabilities

Vulnerability Assessment Details

w-Agora Multiple Input Validation Vulnerabilities

Vulnerability Assessment Summary
Checks for vulnerabilities in w-Agora

Detailed Explanation for this Vulnerability Assessment

The remote host is running w-agora, a web-based forum management software
written in PHP.

There are multiple input validation flaws in the remote version of this
software :

- There is an SQL injection vulnerability in the file 'redir_url.php' which
may permit a possible hacker to execute arbitrary SQL statements in the remote
database

- There is a cross site scripting issue which may permit a possible hacker to
steal the cookies of the legitimate users of the remote site by sending them
a specially malformed link

- There is an HTTP response splitting vulnerability which may also permit
a possible hacker to perform cross-site scripting attacks against the remote host.

Solution : Upgrade to the newest version of this software
Network Security Threat Level: High

Networks Security ID: 11283

Vulnerability Assessment Copyright: This script is Copyright (C) 2004-2007 Tenable Network Security

Cables, Connectors