MercuryBoard < 1.1.2 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 2551
SynopsisThe remote web server contains a script that is vulnerable to a SQL injection attack.
DescriptionThe remote host is running MercuryBoard, a web-based message board. This version of MercuryBoard is vulnerable to multiple vulnerabilities that include: cross-site scripting (XSS), SQL Injection, and path disclosure. An attacker exploiting these flaws would be able to elevate privileges and/or execute code.
SolutionUpgrade to version 1.1.2 or higher.