PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection

high Nessus Plugin ID 23840

Synopsis

The remote web server contains an ASP script that is prone to SQL injection attacks.

Description

The remote host is running PatchLink Update Server, a patch and vulnerability management solution.

The version of PatchLink Update Server installed on the remote host fails to sanitize user-supplied input to the 'agentid' and 'pass' parameters of the '/dagent/downloadreport.asp' script before using it to construct database queries. An unauthenticated attacker can exploit this flaw to manipulate database queries, which might lead to disclosure of sensitive information, modification of data, or attacks against the underlying database.

Note that Novell ZENworks Patch Management is based on PatchLink Update Server and is affected as well.

Solution

Upgrade to version 6.3.2.700 if using Novell ZENworks Patch Management.

Plugin Details

Severity: High

ID: 23840

File Name: plus_downloadreport_sql_injections.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 12/12/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:novell:zenworks_patch_management_server

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/7/2006

Reference Information

CVE: CVE-2006-6450

BID: 21473