Summary
This host is running evalSMSI and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to view, edit and delete the backend database via SQL Injection or inject arbitrary web script or HTML via cross-site scripting attack.
Impact Level: Application
Solution
Upgrade to evalSMSI version 2.2.00 or later,
For updates refer to http://sourceforge.net/projects/evalsmsi/files/
Insight
The multiple flaws are due to:
- Input passed to the 'query' parameter in ajax.php (when 'question' action is set), 'return' parameter in ajax.php and while writing comments to assess.php page (when 'continue_assess' action is set) is not properly sanitised before being used in SQL queries.
- The passwords are stored in plaintext in the database, which allows attackers with database access to gain privileges.
Affected
evalSMSI version prior to 2.2.00 on all platforms.
References
Severity
Classification
-
CVE CVE-2010-0614, CVE-2010-0615, CVE-2010-0616, CVE-2010-0617 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities