
Vulnerability solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerabilities listed below. The vulnerability solutions most recently added to the WatchMouse scan can be found in the Vulnerability solutions overview.

| Category: CGI abuses | Risk factor: High | Added: 10 Oct 2008 |

Synopsis: The remote web server contains a PHP application that is prone to a SQL injection attack.

Description: The remote host is running OpenX (formerly Openads), an open source ad serving application written in PHP. The installed version of OpenX does not validate user-supplied input to the 'bannerid' parameter of the 'www/delivery/ac.php' script before using it in database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated remote attacker can leverage this issue to manipulate SQL queries and, for example, uncover sensitive information from the application's database or possibly execute arbitrary PHP code.

See also:
http://www.openx.org/docs/2.4/release-notes/openx-2.4.9
http://www.openx.org/docs/2.6/release-notes/openx-2.6.2
http://www.securityfocus.com/archive/1/497111/30/0/threaded

Solution: Upgrade to OpenX version 2.4.9 / 2.6.2 or later.

Risk factor: High / CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
