OpenBB index.php CID Parameter SQL Injection

High Nessus Plugin ID 11550

Synopsis

The remote web server has an application that is affected by a SQL injection vulnerability.

Description

The remote host seems to be running OpenBB, a forum management system.

A bug allows an attacker to inject SQL commands by passing a single quote (') in the CID argument of the file index.php, as in:

GET /index.php?CID='<sql query>

An attacker may use this flaw to gain credentials or to modify your database.
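As an added example (not part of the Nessus plugin or of OpenBB), the following script reviews web server access logs for requests matching the pattern described above: a single quote in the CID argument of index.php. It assumes combined-format access logs; the sample log lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Apr/2003:10:00:01 +0000] "GET /index.php?CID=3 HTTP/1.0" 200 5120',
    '192.0.2.11 - - [26/Apr/2003:10:00:07 +0000] "GET /index.php?CID=%27 HTTP/1.0" 200 312',
    '192.0.2.12 - - [26/Apr/2003:10:00:09 +0000] "GET /forum/index.php?CID=%2527x HTTP/1.0" 200 298',
    '192.0.2.13 - - [26/Apr/2003:10:00:12 +0000] "GET /board.php?FID=2 HTTP/1.0" 200 4096',
    '192.0.2.14 - - [26/Apr/2003:10:00:15 +0000] "POST /index.php?CID=1 HTTP/1.0" 200 100',
]

# Captures the client address and the request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2527 -> %27 -> ')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_cid_requests(lines):
    """Return (client, raw_target) for index.php requests whose CID holds a quote."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/index.php"):
            continue
        # parse_qsl decodes once; fully_decode also catches nested encoding,
        # which is flagged conservatively in case a front-end decodes a layer.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == "CID" and "'" in fully_decode(value):
                hits.append((client, target))
                break
    return hits


if __name__ == "__main__":
    for client, target in suspicious_cid_requests(SAMPLE_LOG):
        print(f"{client} requested {target}")
```

Only the query string is inspected, so a CID value sent in a POST body will not appear in these logs and needs a different data source.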

Solution

If the remote host is running OpenBB, upgrade to the latest version.

Plugin Details

Severity: High

ID: 11550

File Name: openbb_sql_injection.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 2003/04/26

Modified: 2018/08/08

Dependencies: 10107, 17975

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/04/25

Reference Information

BID: 7401