Soluções para vulnerabilidades

O Exame Periódico de Vulnerabilidade do Nimsoft Cloud Monitor verifica a vulnerabilidade abaixo. Para ver as soluções para vulneralidades adicionadas mais recentemente que são examinadas pelo WatchMouse, acesse a visão geral das Soluções para vulnerabilidades

Categoria: CGI abuses Fator de risco: High Adicionado: 17 Mar 2010
Synopsis:

A web application on the remote host has a SQL injection vulnerability.

Description:

The version of eclime running on the remote web server has a SQL injection vulnerability. The application fails to properly sanitize input passed to the 'email_address' and 'password' parameters of 'login.php'.

Regardless of PHP's 'magic_quotes_gpc' setting, a remote attacker can exploit this by making a specially crafted POST request, which would result in the execution of arbitrary SQL queries.

See also:

http://www.eclime.com/forum/viewtopic.php?f=21&t=248

Solution:

Upgrade to eclime 1.1.1b or later.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)