Summary
The remote host is running MercuryBoard, a message board system written in PHP.
Multiple vulnerabilities have been discovered in the product that allow an attacker to cause numerous cross site scripting attacks, inject arbitrary SQL statements and disclose the path under which the product has been installed.
Solution
Upgrade to MercuryBoard version 1.1.3.
Severity
Classification
-
CVE CVE-2005-0306, CVE-2005-0307, CVE-2005-0414, CVE-2005-0460, CVE-2005-0462, CVE-2005-0662, CVE-2005-0663, CVE-2005-0878 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
- ArticleFR CMS Multiple Vulnerabilities - Jan15
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Apache Archiva Multiple Remote Command Execution Vulnerabilities