Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection

high Nessus Plugin ID 21764

Language:

Synopsis

The remote web server contains a PHP script that is susceptible to a SQL injection attack.

Description

The remote host is running Scout Portal Toolkit, an open source toolkit for organizing collections of online resources / knowledge.

The version of Scout Portal Toolkit installed on the remote host fails to sanitize user-supplied input to the 'forumid' parameter to the 'SPT--ForumTopics.php' script before using it in a database query. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated attacker can exploit this flaw to manipulate database queries, which may lead to disclosure of sensitive information, modification of data, or attacks against the underlying database.

Solution

Apply the security patch in the project's mailing list posting referenced above.

Plugin Details

Severity: High

ID: 21764

File Name: spt_forumid_sql_injection.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 6/28/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:internet_scout_project:scout_portal_toolkit

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/27/2006

Reference Information

CVE: CVE-2006-3309

BID: 18688

Detections

Analytics