MercuryBoard < 1.1.3 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 2627
SynopsisThe remote web server contains a script that is vulnerable to a SQL injection attack.
DescriptionThe remote host is running MercuryBoard, a web-based Message board
written in PHP.
This version of MercuryBoard is vulnerable to a Cross-Site Scripting (XSS)
An attacker exploiting this flaw would need to be able to convince
an unsuspecting user to visit a malicious website. Upon
successful exploitation, the attacker would be able to possibly
steal credentials or execute browser-side code.
In addition, the remote host is vulnerable to a SQL Injection attack. An attacker exploiting this flaw would be able to read data, modify data, or execute commands.
SolutionUpgrade to version 1.1.3 or higher.