Summary
This host is running Irokez CMS and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database.
Impact Level: Application.
Solution
Upgrade to version 0.8b or later.
For updates refer to http://www.irokez.org/download/cms
Insight
The flaw is caused by an input validation error in the 'select()' function when processing the 'id' parameter, which could be exploited by malicious people to conduct SQL injection attacks.
Affected
Irokez CMS version 0.7.1 and prior
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4982
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P