FuseTalk txForumID Parameter SQL Injection
Medium Nessus Network Monitor Plugin ID 4112
Synopsis: The remote web server contains a ColdFusion script that is prone to a SQL injection attack.
Description: The remote host is running FuseTalk, a discussion forum implemented in ColdFusion. The version of FuseTalk installed on the remote host fails to properly sanitize user-supplied input to the 'txForumID' parameter before the 'forum/include/error/forumerror.cfm' script uses it in database queries. An unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application.
Solution: No solution is known at this time.