Summary
This host is running CMSQlite and is prone to multiple SQL injection and directory traversal vulnerabilities.
Impact
Successful exploitation will allow attackers to execute SQL commands and to include and execute arbitrary local files.
Impact Level: Application.
Solution
Upgrade to CMSQlite 1.3 or later.
For updates, refer to http://www.cmsqlite.net/
Insight
The flaws are due to:
- Improper validation of user-supplied input to the 'c' parameter in 'index.php', which allows attackers to execute SQL commands.
- Improper validation of user-supplied input to the 'mod' parameter in 'index.php', which allows attackers to include and execute local files.
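A log-review check for the two parameters named above, as an added example that is not part of the original advisory or of CMSQlite. It assumes combined-format access logs and that legitimate 'c' and 'mod' values are short identifiers; the allowlist pattern, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of an Apache/nginx "combined" access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate 'c' and 'mod' values are short identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# The two index.php parameters named in the advisory.
WATCHED = {"c": "possible SQL injection",
           "mod": "possible local file inclusion"}

def suspicious_params(log_line):
    """Return [(param, decoded_value, reason)] for watched values outside the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Only index.php (or a directory URL that may map to it) is of interest.
    if url.path.rsplit("/", 1)[-1] not in ("index.php", ""):
        return []
    findings = []
    # parse_qs percent-decodes once, so %27 and %2F are checked as ' and /;
    # double-encoded input still contains '%' and fails the allowlist too.
    query = parse_qs(url.query)
    for name, reason in WATCHED.items():
        for value in query.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                findings.append((name, value, reason))
    return findings

def scan(lines):
    """Return [(line_number, findings)] for every line with at least one finding."""
    hits = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, found) for n, found in hits if found]

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2010:10:00:00 +0000] "GET /index.php?c=2&mod=news HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.11 - - [01/Jun/2010:10:00:05 +0000] "GET /index.php?c=2%27 HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.12 - - [01/Jun/2010:10:00:09 +0000] "GET /index.php?mod=..%2F..%2Ftmp%2Fx HTTP/1.1" 200 98 "-" "-"',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, found)
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.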
Affected
CMSQlite version 1.2 and prior.
References
Severity
Classification
CVE: CVE-2010-2095, CVE-2010-2096
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P