MDPro Surveys Module SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with MDPro and is prone to SQL Injection vulnerability.

Impact

This flaw can be exploited via malicious SQL commands to modify or delete information in the back-end database. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The Surveys module fails to validate the user supplied data passed into the 'pollID' parameter before using it in an SQL query.

Affected

MDPro version 1.083.x

References

http://xforce.iss.net/xforce/xfdb/51385

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2618

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Acidcat CMS Multiple Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Admin News Tools Multiple Vulnerabilities

Take action and discover your vulnerabilities