VideoDB < 2.0.2 Multiple Vulnerabilities

high Nessus Plugin ID 16140

Synopsis

The remote web server has a PHP script that is affected by multiple vulnerabilities.

Description

The remote host is running VideoDB, a web-based video database manager written in PHP.

The remote version of this software is vulnerable to a SQL injection attack due to a lack of filtering on user-supplied input. An attacker may exploit this flaw to modify the remote database.

This software may also be vulnerable to unauthorized access through the file 'edit.php', which may allow an attacker to edit database entries, and to an unspecified cross-site scripting issue.

Solution

Upgrade to VideoDB 2.0.2 or later.

Plugin Details

Severity: High

ID: 16140

File Name: videodb_multiple_vulnerabilites.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 1/12/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:videodb:videodb

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 1/5/2005

Vulnerability Publication Date: 1/5/2005

Reference Information

BID: 12219, 12224