Summary
ClipBucket is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML or script code and to manipulate SQL queries in the backend database, allowing the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Apply the patch available at http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2
Insight
Input passed via multiple parameters to multiple scripts is not properly sanitised before being returned to the user. For more information, please check the References section.
Affected
ClipBucket version 2.6. Other versions may also be affected.
Detection
Send a crafted HTTP GET request and check whether it is able to execute an SQL query.
References
Severity
Classification
CVE: CVE-2012-6642, CVE-2012-6643, CVE-2012-6644
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P