Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Owl Intranet Engine < 0.91 Multiple Vulnerabilities



The remote web server contains a PHP application that is prone to several issues.


The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session ID cookie before using it in a database query. Provided PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker may be able to exploit this issue to uncover sensitive information such as password hashes, modify data, launch attacks against the underlying database, and more. In addition, the application reportedly suffers from at least one cross-site scripting (XSS) issue.


Upgrade or patch according to vendor recommendations.