Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MercuryBoard < 1.1.3 Multiple Vulnerabilities

High

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running MercuryBoard, a web-based Message board written in PHP.

This version of MercuryBoard is vulnerable to a Cross-Site Scripting (XSS) attack

An attacker exploiting this flaw would need to be able to convince an unsuspecting user to visit a malicious website. Upon successful exploitation, the attacker would be able to possibly steal credentials or execute browser-side code.

In addition, the remote host is vulnerable to a SQL Injection attack. An attacker exploiting this flaw would be able to read data, modify data, or execute commands.

Solution

Upgrade to version 1.1.3 or higher.