Summary
This host is running glFusion and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will let the attacker cause SQL injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to the latest version of glFusion 1.1.8 or later, For updates refer to http://www.glfusion.org/filemgmt/index.php
Insight
The flaws are due to improper validation of user supplied input via the 'order' and 'direction' parameters to 'search.php' that allows attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
glFusion version 1.1.2 and prior.
References
Severity
Classification
-
CVE CVE-2009-4796 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities