mod_survey For Apache ENV Tags SQL Injection
High Nessus Plugin ID 11609
SynopsisThe web server module on the remote host has a SQL injection vulnerability.
DescriptionAccording to the banner, the remote host is using a vulnerable version of mod_survey, a Perl module for managing online surveys.
This version has a flaw that could result in a SQL injection attack when the module is being used with a database backend. A remote attacker could exploit this to take control of the database.
SolutionUpgrade to mod_survey 3.0.14e / 3.0.15pre6 or later.