Detections
Analytics
PHPCatalog id Parameter SQL Injection
high Nessus Plugin ID 11969
Language:
Synopsis
A remote web application is vulnerable to SQL injection.Description
The remote host appears to be running PHPCatalog, a CGI suite to handle on-line catalogues.There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host.
Solution
Upgrade to PHPCatalog 2.6.10 or newer.See Also
http://web.archive.org/web/20081202204741/http://xforce.iss.net/xforce/xfdb/14116
https://secuniaresearch.flexerasoftware.com/advisories/10516/
Plugin Details
Severity: High
ID: 11969
File Name: phpcatalog_sql_injection.nasl
Version: 1.22
Type: remote
Family: CGI abuses
Published: 12/31/2003
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 12/30/2003
Reference Information
BID: 9318