This host is installed with phpMyRecipes and is prone to multiple SQL injection vulnerabilities.

Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

No solution or patch is available as of 9th February, 2015. Information regarding this issue will updated once the solution details are available.For updates refer to http://php-myrecipes.sourceforge.net/

Multiple flaws are due to improper sanitizing - of 'words_exact' parameter passed to 'dosearch.php' script. - of 'category' parameter passed to 'browse.php' script.

phpMyRecipes version 1.2.2

Send a crafted exploit string via HTTP GET request and check whether it is possible to execute sql query or not.

• http://osvdb.org/115038
• http://www.exploit-db.com/exploits/35365/
• http://xforce.iss.net/xforce/xfdb/99005
• https://security-tracker.debian.org/tracker/CVE-2014-9347

---

Updated on 2015-03-25