VP-ASP shopsearch SQL Injection

medium Nessus Plugin ID 11942

Synopsis

The remote server is vulnerable to SQL injection.

Description

The remote host is running the VP-ASP CGI suite.

There is a bug in this suite that could allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker could use this flaw to gain control of the remote website and possibly execute arbitrary commands on the remote host.

Solution

Disable this suite or upgrade to the latest version.

Plugin Details

Severity: Medium

ID: 11942

File Name: shopsearch_sql_injection.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 12/4/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 9133, 9134