Summary
This host is running CMSQlite and is prone to multiple SQL injection and directory traversal vulnerabilities.
Impact
Successful exploitation will allow attackers to execute SQL commands and to include and execute arbitrary local files.
Impact Level: Application.
Solution
Upgrade to CMSQlite 1.3 or later.
For updates, refer to http://www.cmsqlite.net/
Insight
The flaws are due to:
- Improper validation of user-supplied input to the 'c' parameter in 'index.php', which allows attackers to execute SQL commands.
- Improper validation of user-supplied input to the 'mod' parameter in 'index.php', which allows attackers to include and execute local files.
Affected
CMSQlite version 1.2 and prior.
References
Severity
Classification
- CVE: CVE-2010-2095, CVE-2010-2096
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P