Summary
This host is installed with Bacula-web and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow an attacker to manipulate SQL queries in the backend database and disclose certain sensitive information.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.bacula-web.org
Insight
The flaw is due to the joblogs.php script not properly sanitizing user-supplied input to the 'jobid' parameter.
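As an added illustration of the sanitization the Insight refers to (this is not code from Bacula-web or from this advisory), the following hypothetical PHP fragment shows a 'jobid' lookup built by string concatenation beside a hardened form that validates the parameter as a positive integer and binds it through a PDO prepared statement. The function names, the Job table and its JobId/Name columns are assumptions; the demonstration rows are constructed in an in-memory SQLite database.

```php
<?php
// Added example: hypothetical handler modelled on a 'jobid' lookup.
// Table and column names (Job, JobId, Name) are assumptions, not Bacula-web's schema.

// Vulnerable pattern: untrusted GET input is concatenated into the query text,
// so whatever the client sends becomes part of the SQL statement.
function job_lookup_vulnerable(PDO $db, array $get): array {
    $jobid = $get['jobid'] ?? '';
    $sql = "SELECT JobId, Name FROM Job WHERE JobId = " . $jobid;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type first, then bind the value as a parameter
// so it can only ever be treated as data, never as SQL.
function job_lookup_hardened(PDO $db, array $get): array {
    $jobid = filter_var(
        $get['jobid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($jobid === false) {
        http_response_code(400);   // reject before any SQL is executed
        return [];
    }
    $stmt = $db->prepare("SELECT JobId, Name FROM Job WHERE JobId = :jobid");
    $stmt->bindValue(':jobid', $jobid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demonstration with constructed rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Job (JobId INTEGER PRIMARY KEY, Name TEXT)");
$db->exec("INSERT INTO Job VALUES (1, 'nightly-backup'), (2, 'weekly-full')");

// A well-formed request returns the matching row.
print_r(job_lookup_hardened($db, ['jobid' => '1']));

// A value that is not a positive integer is rejected by the hardened version
// before it reaches the database; the vulnerable version would hand it straight
// to the query text.
print_r(job_lookup_hardened($db, ['jobid' => '1abc']));
```

The validation step is what the advisory's "not properly sanitizing" refers to: an integer identifier should be checked as an integer and passed as a bound parameter, so the query's structure cannot be altered by the request.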
Affected
Bacula-web version 5.2.10. Other versions may also be affected.
Detection
Send a crafted request via HTTP GET and check whether it is able to execute an SQL query.
References
Severity
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Classification
-
Related Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- AjaxPortal 'di.php' File Inclusion Vulnerability
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Apache Struts2 Redirection and Security Bypass Vulnerabilities