CoolForum SQL and XSS Vulnerabilities

Medium Nessus Network Monitor Plugin ID 2725

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running CoolForum, a bulletin board written in PHP. This version of CoolForum is vulnerable to at least two (2) remote attacks. Specifically, a SQL injection attack affects the 'entete.php' and 'register.php' scripts. An attacker exploiting these flaws would send a malformed query to the affected scripts. A successful exploit would allow the attacker to read and write confidential data. In addition, the attacker may be able to execute arbitrary code on the remote web server.

Multiple HTML injection and Cross-Site Scripting (XSS) flaws have also been reported to exist within this version of CoolForum. An attacker exploiting these flaws would typically need to be able to convince a user to browse a malicious URI. A successful attack would result in the theft of potentially confidential client data (cookies, authentication credentials, and more) or malicious code being executed within the client browser.

Solution

Upgrade to version 0.8.1 or higher.

See Also

http://securitytracker.com/alerts/2005/Mar/1013474.html

http://www.coolforum.net

Plugin Details

Severity: Medium

ID: 2725

Family: CGI

Published: 2005/03/21

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 17597

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.1

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 5.6

Temporal Score: 5.6

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2005-0858, CVE-2005-0857

BID: 12852