Summary
This host has Meeting Room Booking System installed and is prone to an SQL injection vulnerability.
Impact
Attackers can exploit this issue to inject arbitrary SQL code and modify information in the back-end database.
Impact Level: Application.
Solution
Upgrade to Meeting Room Booking System 1.4.2 or later.
For updates refer to http://mrbs.sourceforge.net/download.php
Insight
User-supplied data passed in the 'typematch' parameter of report.php is not properly sanitised before being used in an SQL query.
Affected
Meeting Room Booking System prior to 1.4.2 on all platforms.
References
Severity
Classification
CVE: CVE-2009-3533
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Apache Struts ClassLoader Manipulation Vulnerabilities
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability