The remote web server contains a script that is vulnerable to a SQL injection attack.
The remote host is running Land Down Under, a web-based content management system. This version of LDU is vulnerable to a script injection flaw within the 'events.php' script. An attacker exploiting this flaw would need to be able to convince a user to browse to a malicious URI. Successful exploitation would lead to script code being executed within the user's browser. In addition, the product is vulnerable to multiple SQL injection flaws. An attacker exploiting these flaws would be able to execute code within the context of the database.