icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Land Down Under < 802 events.php SQL Injection

Medium

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running Land Down Under, a web-based content management system. This version of LDU is vulnerable to a script injection flaw within the 'events.php' script. An attacker exploiting this flaw would need to be able to convince a user to browse to a malicious URI. Successful exploitation would lead to script code being executed within the user's browser. In addition, the product is vulnerable to multiple SQL injection flaws. An attacker exploiting these flaws would be able to execute code within the context of the database.

Solution

Upgrade to version 802 or higher.