Synopsis
A remote web application is vulnerable to several flaws.
Description
The remote host is running ASP PortalApp, a web application written in ASP.
There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host.
In addition, path disclosure and cross-site scripting vulnerabilities were reported, although Nessus has not checked for them.
Solution
Upgrade to the latest version of this software.
Plugin Details
File Name: portalapp_input_validation.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/ASP
Exploit Ease: No exploit is required
Vulnerability Publication Date: 3/30/2005
Reference Information
CVE: CVE-2005-0948, CVE-2005-0949
BID: 12936
CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990