mod_survey For Apache ENV Tags SQL Injection

high Nessus Plugin ID 11609

Synopsis

The web server module on the remote host has a SQL injection vulnerability.

Description

According to the banner, the remote host is using a vulnerable version of mod_survey, a Perl module for managing online surveys.
This version has a flaw that could result in a SQL injection attack when the module is being used with a database backend. A remote attacker could exploit this to take control of the database.

Solution

Upgrade to mod_survey 3.0.14e / 3.0.15pre6 or later.

Plugin Details

Severity: High

ID: 11609

File Name: mod_survey_sql_injection.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 5/9/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/28/2003

Reference Information

BID: 7192

Secunia: 11196