Summary
The remote web server contains several PHP scripts that permit SQL injection and cross-site scripting attacks.
Description
The remote version of Land Down Under is prone to several SQL injection and cross-site scripting attacks because it fails to sanitize user-supplied input to several parameters used by the 'events.php', 'index.php', and 'list.php' scripts. A malicious user can exploit these flaws to manipulate SQL queries, steal authentication cookies, and the like.
Solution
Unknown at this time.
References
Severity
Classification
CVE: CVE-2005-2788, CVE-2005-2884
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- ASUS RT56U Router Multiple Vulnerabilities
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability