Detections
Analytics

TrailScout Module For Drupal Session Cookie SQL Injection

high Nessus Plugin ID 33274

Language:

Synopsis

The remote web server contains a PHP script that is affected by a SQL injection vulnerability.

Description

The remote host is running TrailScout, a third-party module for Drupal that displays a breadcrumb-like trail showing pages a user recently visited on a site.

The version of the TrailScout module installed on the remote host fails to sanitize user-supplied input to the session cookie before using it in database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an attacker can exploit this issue to manipulate database queries, leading to the disclosure of sensitive information, modification of data, or attacks against the underlying database.

Solution

Upgrade to TrailScout version 5.x-1.4.

See Also

https://www.drupal.org/node/272191

Plugin Details

Severity: High

ID: 33274

File Name: drupal_trailscout_sql_injection.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 6/30/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:drupal:drupal, cpe:/a:drupal:trailscout_module

Required KB Items: www/PHP, installed_sw/Drupal

Exploit Ease: No known exploits are available

Patch Publication Date: 6/18/2008

Vulnerability Publication Date: 6/18/2008

Reference Information

CVE: CVE-2008-2850

BID: 29807

CWE: 89