Atlassian Confluence Server 4.3.x < 4.3.3 SQLi
High Nessus Network Monitor Plugin ID 9635
SynopsisThe remote Confluence server is affected by an SQL injection vulnerability.
DescriptionVersions of Confluence 4.3.x prior to 4.3.3 contain a flaw that may allow carrying out an SQL injection attack. The issue is due to the 'deleteReferrersWithPrefix' method in the 'DefaultReferralManager' class in 'DefaultReferralManager.java' not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
SolutionUpgrade to Confluence 4.3.x version 4.3.3 or later.