Summary
This host is running Campsite and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow an attacker to manipulate SQL queries by injecting arbitrary SQL code, making it possible to view, add, modify or delete information in the back-end database.
Impact Level: Application
Solution
Apply the patch or upgrade to Campsite version 3.3.6 or later:
http://www.sourcefabric.org/en/home/web/6/campsite.htm?tpl=18
http://www.sourcefabric.org/en/home/web_news/65/important-security-patch-for-campsite-3.2-and-above.htm?tpl=32
*****
NOTE: Please ignore the warning if the patch is applied.
*****
Insight
The flaw is due to improper validation of user-supplied input passed via the 'article_id' parameter to 'javascript/tinymce/plugins/campsiteattachment/attachments.php'. The input is not properly sanitised before being used in SQL queries.
Affected
Campsite version 3.3.5 and prior
References
Severity
Classification
- CVE: CVE-2010-1867
- CVSS Base Score: 7.5
- AV:N/AC:L/Au:N/C:P/I:P/A:P