Vulnerability Solutions

The periodic vulnerability scan in Nimsoft Cloud Monitor checks for the following vulnerability. To see the most recently added solutions that Nimsoft Cloud Monitor scans for, visit Vulnerability Solutions.

Category: CGI abuses
Risk factor: High
Added: 17 Mar 2010

Synopsis:

A web application on the remote host has a SQL injection vulnerability.

Description:

The version of eclime running on the remote web server has a SQL injection vulnerability. The application fails to properly sanitize input passed to the 'email_address' and 'password' parameters of 'login.php'.

Regardless of PHP's 'magic_quotes_gpc' setting, a remote attacker can exploit this by making a specially crafted POST request, which would result in the execution of arbitrary SQL queries.

See also:

http://www.eclime.com/forum/viewtopic.php?f=21&t=248

Solution:

Upgrade to eclime 1.1.1b or later.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)