Vulnerability Detail View
| id | 43088 |
| Risk | other |
| Family | CGI abuses |
| Category | attack |
| Name | GCalendar Component for Joomla! event.php gcid Parameter SQL Injection |
| Summary | Exploits a SQL Injection Vulnerability in GCalendar |
| Description | Synopsis :
The remote web server contains a PHP script that is prone to a SQL
injection attack.
Description :
The remote host is running GCalendar, a third-party component for
Joomla! written in PHP.
The installed version of GCalendar fails to sanitize input passed to
the 'gcid' parameter before using it in the 'models/event.php' script
to construct a database query.
Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated
remote attacker can exploit this issue to manipulate database queries,
resulting in disclosure of sensitive information or attacks against
the underlying database.
Solution :
Unknown at this time.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
| CVE | CVE-2009-4099 |
| Bugtraq | 37141 |
| Copyright | (C) 2009 Tenable Network Security, Inc. |