SePortal Poll.php SQL Injection Vulnerability Network Vulnerability

Summary

The host is running SePortal which is prone to SQL Injection Vulnerability.

Impact

Successful attack could lead to execution of arbitrary SQL queries. Impact Level: Application

Solution

Upgrade to SePortal Version 2.5 or later For updates refer to http://www.seportal.org/

Insight

Input passed to the poll_id parameter in poll.php and to sp_id parameter in staticpages.php files are not properly sanitised before being used in an SQL query.

Affected

SePortal Version 2.4 and prior on all running platform.

References

http://secunia.com/advisories/30865

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5191

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Avenger's News System Command Execution
Adobe ColdFusion Information Disclosure Vulnerability
artmedic_links5 File Inclusion Vulnerability
AlefMentor Multiple SQL Injection Vulnerabilities
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability

SePortal poll.php SQL Injection Vulnerability

Take action and discover your vulnerabilities