Summary
The host is running phpMyDirectory and is prone to SQL injection vulnerability.
Impact
Successful exploitation will let attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Upgrade to phpMyDirectory version 1.4.1 or later,
For updates refer to http://www.phpmydirectory.com/
Insight
Input passed via the 'id' parameter to page.php is not properly sanitised before being used in SQL queries.
Affected
phpMyDirectory version 1.3.3
References
Severity
Classification
-
CVE CVE-2012-5288 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities