Pligg Multiple SQL Injection Vulnerabilities

Summary
The host is running Pligg CMS and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation allows an attacker to perform SQL injection attacks and gain access to sensitive information.
Impact Level: Application
Solution
Upgrade to Pligg CMS Version 1.1.1 or later. For updates, refer to http://www.pligg.com/download/
Insight
The flaws are caused by improper validation of user-supplied input passed via the 'title' parameter in storyrss.php and story.php and the 'role' parameter in groupadmin.php, which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
Pligg CMS Version 1.1.0 and prior.