Detections
Analytics

DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)

high Nessus Plugin ID 18120

Language:

Synopsis

The remote web server is running an ASP application that is affected by multiple SQL injection flaws.

Description

The remote host is running DUPortal, a content management system written in ASP.

The remote version of this software is vulnerable to several SQL injection vulnerabilities in files 'details.asp', 'search.asp', 'default.asp' , 'cat.asp' and more.

With a specially crafted URL, an attacker can exploit this flaw to modify database queries, potentially even uncovering user passwords for the application.

Solution

Unknown at this time.

See Also

https://seclists.org/bugtraq/2006/Apr/552

Plugin Details

Severity: High

ID: 18120

File Name: duportal_sql_injection.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 4/22/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/20/2005

Reference Information

CVE: CVE-2005-1224, CVE-2005-1236

BID: 13285, 13288