Summary
This host is installed with PHPMyRecipes and is prone to SQL Injection Vulnerability.
Impact
Successful exploitation allow the attacker to compromise the application, access or modify data in the back-end database.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Input passed via 'r_id' parameter in viewrecipe.php is not properly sanitised before being returned to the user.
Affected
PHPMyRecipes version 1.2.2 and prior
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Admin News Tools Multiple Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability