Summary
The host is running Devana and is prone to an SQL injection vulnerability.
Impact
Successful exploitation allows an attacker to perform an SQL injection attack and gain access to sensitive information.
Impact Level: Application
Solution
Upgrade to Devena-v2_beta-1 or later.
For updates refer to http://sourceforge.net/projects/devana
Insight
The flaw is caused by improper validation of user-supplied input via the 'id' parameter in 'profile_view.php', which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
Devana Version 1.6.6 and prior.
Severity
Classification
CVE: CVE-2010-2673
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P