Invision Power Board Dragoran Forum < 1.4 index.php site Parameter SQL Injection
High Nessus Network Monitor Plugin ID 3397
SynopsisThe remote host is vulnerable to a SQL Injection attack.
DescriptionThe remote host is running the Dragoran Forum, a PHP-based web portal. This version of Dragoran is vulnerable to a SQL Injection flaw. An attacker exploiting this flaw would be able to execute arbitrary SQL commands on the Dragoran backend database server.
SolutionUpgrade to version 1.4 or higher.