Summary
Redaxscript is prone to a SQL injection vulnerability.
Impact
An unauthenticated attacker might execute arbitrary SQL commands to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Solution
Upgrade to Redaxscript 2.3.0 or later.
Insight
The search_post function in includes/search.php is prone to an SQL injection vulnerability in the search_terms parameter.
Affected
Redaxscript 2.2.0
Detection
Check the version or, if no version is detected, try to perform an SQL injection.
References
Severity
Classification
- CVE: CVE-2015-1518
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Artifectx xClassified 'catid' SQL Injection Vulnerability
- ALCASAR Remote Code Execution Vulnerability
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- A-Blog 'sources/search.php' SQL Injection Vulnerability