Powie PHP Forum < 1.15 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 1732
Synopsis
The remote web server contains a script which is vulnerable to a SQL injection attack.
Description
The remote host is running an old version of Powie PHP Forum, web forum software implemented in PHP. It is reported that versions prior to 1.15 are vulnerable to multiple security issues, including cross-site scripting and SQL injection. An attacker may gain access to the forum as a specific user or as an administrator, or steal a victim's cookie-based authentication credentials using malicious HTML code.
Solution
Upgrade to Powie PHP Forum 1.15 or higher.