Xpressions Interactive Multiple Products login.asp SQL Injection

Severity: High | Nessus Plugin ID 11698

Synopsis

The remote host runs a web application with a vulnerability that can allow an attacker to manage the website with administrative privileges.

Description

The remote host appears to be running a software suite (truConnect, FlowerLink, eVision, or Website Integration) from Xpressions Software.

The software in question has multiple SQL injection vulnerabilities (in login.asp) that could allow an attacker to gain administrative access. This could lead to the exposure of user passwords and credit card data.

Solution

Upgrade to the latest version of this software.

See Also

https://seclists.org/bugtraq/2003/Jun/46

Plugin Details

Severity: High

ID: 11698

File Name: xpressions_sql_injection.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 6/4/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7804