Detections
Analytics
FuseTalk txForumID Parameter SQL Injection
medium Nessus Network Monitor Plugin ID 4112
Synopsis
The remote web server contains a ColdFusion script that is prone to a SQL injection attack.Description
The remote host is running FuseTalk, a discussion forum implemented in ColdFusion. The version of FuseTalk installed on the remote host fails to properly sanitize user-supplied input to the 'txForumID' parameter before using it in the 'forum/include/error/forumerror.cfm' script in database queries. An unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application.Solution
No solution is known at this time.See Also
http://archives.neohapsis.com/archives/bugtraq/2007-06/0227.html
Plugin Details
Severity: Medium
ID: 4112
Family: CGI
Published: 6/22/2007
Updated: 3/6/2019
Nessus ID: 25548
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.8
Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 5.9
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X
Vulnerability Information
CPE: cpe:/a:fusetalk:fusetalk
Reference Information
CVE: CVE-2007-3273
BID: 24498