bttlxeForum login.asp < 2.0 Multiple SQL Injection

Medium Nessus Network Monitor Plugin ID 1559

Synopsis

The remote host is running bttlxeForum, a set of CGI scripts designed to manage a web-based forum server.

Description

This installation has a SQL injection vulnerability that allows an attacker to gain the privileges of the administrator while logging in, or to take control of the remote database.

Solution

Upgrade to version 2.0 or higher.

See Also

http://www.nessus.org/u?6c26f56c

http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812

Plugin Details

Severity: Medium

ID: 1559

File Name: 1559.prm

Family: CGI

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 11548

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2003-0215

BID: 7416