iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection

medium Nessus Plugin ID 11662

Synopsis

The remote web server contains an ASP application that is affected by a SQL injection vulnerability.

Description

The remote host is running iisPROTECT, an IIS add-on to protect the pages served by this server.

A bug in the remote version of iisPROTECT may allow an attacker who is able to browse the administrative interface to execute arbitrary commands on this host through SQL injection.

Solution

Upgrade to iisPROTECT version 2.3 or later, as that is rumoured to address the issue.

See Also

https://www.securityfocus.com/archive/1/322387/30/0/threaded

Plugin Details

Severity: Medium

ID: 11662

File Name: iisprotect_sql_injection.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 5/28/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/23/2003

Reference Information

CVE: CVE-2003-0377

BID: 7675