Scrutinizer < 9.0.1 d4d/alarms.php Multiple Parameters SQLi

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts an application that is affected by a SQL
injection vulnerability.

Description :

The version of Scrutinizer installed on the remote web server is
affected by a SQL injection vulnerability in multiple parameters of
the 'd4d/alarms.php' script.

An unauthenticated, remote attacker can exploit this issue to
manipulate database queries, which could lead to the disclosure of
sensitive information, modification of stored data, or further attacks
against the underlying database.

Note that this install is also likely to be affected by multiple other
vulnerabilities, though Nessus has not tested for these.

See also :

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt

Solution :

Upgrade to Scrutinizer 9.0.1 or later.
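As an added check, not part of this Nessus plugin description or of Tenable's own plugin code, the following Python shows how to decide whether a reported Scrutinizer version falls below the fixed release 9.0.1 named above. It assumes the product reports a dotted numeric version string (for example "9.0.0" or "8.6.2"); how the real plugin fingerprints the installed version is not described on this page. The version strings in the comments are constructed for illustration.

```python
"""Version gate for the Scrutinizer < 9.0.1 advisory.

Added illustration, not Tenable's plugin code. Assumes dotted numeric
version strings; any other format is rejected rather than guessed at.
"""
import re

FIXED_VERSION = "9.0.1"  # from the Solution section of the advisory

_COMPONENT = re.compile(r"\d+")


def parse_version(version):
    """Turn "9.0.1" into the tuple (9, 0, 1).

    Versions with fewer than three components are padded with zeros so
    "9" compares equal to "9.0.0" and "9.1" to "9.1.0".  Anything that is
    not purely dotted digits raises ValueError; a scanner should report
    "unknown version" rather than silently treat it as unaffected.
    """
    parts = []
    for piece in version.strip().split("."):
        if not _COMPONENT.fullmatch(piece):
            raise ValueError(f"unparseable version string: {version!r}")
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed version is strictly below the fixed version.

    Comparison is on integer tuples, not on the raw strings: as strings,
    "10.0.0" < "9.0.1" is True, which would wrongly flag a future major
    release as vulnerable.
    """
    return parse_version(installed) < parse_version(fixed)


def classify(installed, fixed=FIXED_VERSION):
    """Return "affected", "fixed", or "unknown" for a reported version.

    Convenience wrapper for a scanner: an unparseable banner yields
    "unknown" instead of an exception so the host is not silently skipped.
    """
    try:
        return "affected" if is_affected(installed, fixed) else "fixed"
    except ValueError:
        return "unknown"


if __name__ == "__main__":
    # Constructed sample banners, not real scan output.
    for v in ("8.6.2", "9.0.0", "9.0.1", "9.1", "10.0.0", "9.0.1-beta"):
        print(f"{v:>10}: {classify(v)}")
```

When wiring this into a scanner, treat "unknown" as a finding to review by hand: a version string the parser does not understand is more often a banner format change than proof of a patched host.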

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 58993

Bugtraq ID: 52989

CVE ID: CVE-2012-1259