
Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview.

| Category | Risk factor | Added |
| --- | --- | --- |
| CGI abuses | High | 10 Oct 2008 |

Synopsis: The remote web server contains a PHP application that is prone to a SQL injection attack.

Description: The remote host is running OpenX (formerly Openads), an open source ad serving application written in PHP. The installed version of OpenX does not validate user-supplied input to the 'bannerid' parameter of the 'www/delivery/ac.php' script before using it in database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated remote attacker can leverage this issue to manipulate SQL queries and, for example, uncover sensitive information from the application's database or possibly execute arbitrary PHP code.

See also:
- http://www.openx.org/docs/2.4/release-notes/openx-2.4.9
- http://www.openx.org/docs/2.6/release-notes/openx-2.6.2
- http://www.securityfocus.com/archive/1/497111/30/0/threaded

Solution: Upgrade to OpenX version 2.4.9 / 2.6.2 or later.

Risk factor: High / CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
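Added illustration of the checks a defender would apply for this issue (example code written for this page, not OpenX's or the scanner's own code): `php_addslashes` approximates the escaping that PHP's magic_quotes_gpc applied to request input, to show why it does not protect a numeric parameter such as bannerid; `is_valid_bannerid` is the strict integer check the advisory says is missing; and `flag_ac_requests` scans constructed access-log lines for requests to ac.php whose bannerid is not a plain integer. The log lines, addresses and timestamps are constructed, not from the page.

```python
import re
from urllib.parse import urlparse, parse_qs

# A banner id is a positive decimal integer and nothing else; this is the
# server-side validation the advisory says the affected OpenX versions lack.
BANNERID_RE = re.compile(r"[0-9]+")


def is_valid_bannerid(value: str) -> bool:
    return BANNERID_RE.fullmatch(value) is not None


def php_addslashes(value: str) -> str:
    """Approximation of PHP's addslashes(), which magic_quotes_gpc applied to
    GET/POST/cookie data. It escapes only quotes, backslashes and NUL, so a
    value used in a numeric SQL context (no quotes needed) passes through
    unchanged; this is why the advisory says the setting is irrelevant here."""
    out = value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')
    return out.replace("\x00", "\\0")


# Constructed Apache-style access log lines (hypothetical hosts and times).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2008:12:00:01 +0000] '
    '"GET /www/delivery/ac.php?bannerid=42&zoneid=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2008:12:00:02 +0000] '
    '"GET /www/delivery/ac.php?bannerid=42%20OR%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2008:12:00:03 +0000] '
    '"GET /index.php?bannerid=abc HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_ac_requests(log_lines):
    """Return (line, decoded_bannerid) for every request to ac.php whose
    bannerid parameter is not a plain integer. Other scripts are ignored."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlparse(m.group(1))
        if not url.path.endswith("/www/delivery/ac.php"):
            continue
        # parse_qs percent-decodes values, so the check sees what PHP would see.
        for raw in parse_qs(url.query, keep_blank_values=True).get("bannerid", []):
            if not is_valid_bannerid(raw):
                hits.append((line, raw))
    return hits
```

Run against real logs, the same filter gives a quick triage signal for the affected script while the upgrade in the Solution is rolled out.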
