Summary
This host is installed with DotNetNuke DNNArticle and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Upgrade to version 10.1 or later,
For updates refer to http://www.zldnn.com
Insight
Input passed via the 'categoryid' GET parameter to 'desktopmodules/ dnnarticle/dnnarticlerss.aspx' (when 'moduleid' is set) is not properly sanitized before being used in a SQL query.
Affected
DotNetNuke DNNArticle module versions 10.0 and prior
Detection
Send a crafted HTTP GET request and check whether it is able to read the SQL server version or not.
References
Severity
Classification
-
CVE CVE-2013-5117 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities