Summary
This host has Meeting Room Booking System installed and is prone to an SQL injection vulnerability.
Impact
Attackers can exploit this issue to inject arbitrary SQL code and modify information in the back-end database.
Impact Level: Application.
Solution
Upgrade to Meeting Room Booking System 1.4.2 or later.
For updates refer to http://mrbs.sourceforge.net/download.php
Insight
User-supplied data passed in the 'typematch' parameter to report.php is not properly sanitised before being used in an SQL query.
Affected
Meeting Room Booking System prior to 1.4.2 on all platforms.
Severity
Classification
CVE: CVE-2009-3533
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P