Summary
This host is running RTWebalbum and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Upgrade to RTWebalbum version 1.0.574, or update from the SVN repository:
http://sourceforge.net/projects/rtwebalbum
http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/index.php?view=log
Insight
Input passed to the 'AlbumId' parameter in index.php is not properly sanitised before being used in SQL queries.
Affected
RTWebalbum versions prior to 1.0.574
Severity
Classification
CVE: CVE-2009-1910
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P