PowerPortal index.php index_page Parameter SQL Injection

high Nessus Plugin ID 15760

Synopsis

It may be possible to execute arbitrary commands on the remote server.

Description

The remote host is using PowerPortal, a content management system written in PHP.

A vulnerability exists in the remote version of this product that could allow a remote attacker to perform a SQL injection attack against the remote host.

An attacker could exploit this flaw to execute arbitrary SQL statements against the remote database and possibly to execute arbitrary commands on the remote host.

Solution

Upgrade to the latest version of this software.

Plugin Details

Severity: High

ID: 15760

File Name: powerportal_sql_injection.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 11/18/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/14/2004

Reference Information

BID: 11681