MaxWebPortal password.asp memKey Parameter SQL Injection
High Nessus Network Monitor Plugin ID 2937
SynopsisThe remote host is vulnerable to a SQL Injection attack.
DescriptionMaxWebPortal is a web portal that utilizes a backend SQL or MySQL database.
This version of MaxWebPortal is vulnerable to a SQL Injection flaw.
An attacker exploiting this flaw would only need to be able to send HTTP
queries to the remote application. A successful attack would give the attacker
the ability to read and write database data as well as potentially execute
arbitrary remote commands on the database server.
SolutionUpgrade to a version 1.360, 2.000 or higher.