BoastMachine <= 3.1 'mail.php' id Parameter SQL Injection
High Nessus Network Monitor Plugin ID 4348
Synopsis: The remote host is vulnerable to a SQL injection attack.
Description: The remote host is running BoastMachine, a blogging application.
This version of BoastMachine is vulnerable to a flaw in the mail.php script. Specifically, a remote user can pass arbitrary SQL commands through the 'id' parameter of mail.php, and those commands are then executed on the database server.
Solution: Upgrade to a version higher than 3.1.