Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

mod_survey < 3.0.14e / 3.0.15pre6 ENV tags SQL Injection

Medium

Synopsis

The remote web server contains a script which is vulnerable to a SQL injection attack.

Description

The remote host is using mod_survey, a perl add-on to manage online surveys. There is a flaw in the remote installation of mod_survey which makes it vulnerable to SQL injection attacks when a database backend is being used. An attacker may use this flaw to gain control of your database.

Solution

Upgrade to mod_survey 3.0.14e or 3.0.15pre6 or higher.