Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Powie PHP Forum < 1.15 Multiple Vulnerabilities

High

Synopsis

The remote web server contains a script which is vulnerable to a SQL injection attack.

Description

The remote host is running an old version of Powie PHP Forum, a web forum software implemented in PHP. It is reported that version prior 1.15 are vulnerable to multiple security issue including cross-site scripting and SQL injection. An attacker may gain access on the forum as a specific user or as an administrator or steal a victim's cookie-based authentication credentials using malicious HTML code.

Solution

Upgrade to Powie PHP Forum 1.15 or higher.