
FuseTalk txForumID Parameter SQL Injection

Medium

Synopsis

The remote web server contains a ColdFusion script that is prone to a SQL injection attack.

Description

The remote host is running FuseTalk, a discussion forum implemented in ColdFusion. The version of FuseTalk installed on the remote host fails to properly sanitize user-supplied input to the 'txForumID' parameter before the 'forum/include/error/forumerror.cfm' script uses it in database queries. An unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application.

Solution

No solution is known at this time.
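
With no fix available, web server logs can be reviewed for requests to the affected script that carry an unexpected 'txForumID' value. The following is an added example, not part of the original advisory or of FuseTalk: it assumes access logs in common/combined format and that legitimate forum IDs are plain integers, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter named in the description above.
TARGET_SCRIPT = "forum/include/error/forumerror.cfm"
PARAM = "txforumid"  # compared case-insensitively
# Assumption (not stated in the advisory): valid forum IDs are plain integers.
SAFE_VALUE = re.compile(r"\d{1,10}")
# Request field of a common/combined log format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_values(log_line):
    """Return the txForumID values in one log line that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not unquote(url.path).lower().endswith(TARGET_SCRIPT):
        return []  # request is for a different script
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        # parse_qsl decoded once; decode again to catch double-encoded input.
        decoded = unquote(value)
        if not SAFE_VALUE.fullmatch(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return (line_number, value) for every suspicious txForumID value."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_values(line)]


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/include/error/forumerror.cfm?txForumID=12 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/include/error/forumerror.cfm?txForumID=12%27 HTTP/1.1" 500 1024',
    '192.0.2.11 - - [01/Jan/2024:10:00:06 +0000] "GET /forum/include/error/forumerror.cfm?TXFORUMID=12%2527 HTTP/1.1" 500 1024',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/index.cfm?txForumID=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: unexpected txForumID value {value!r}")
```

The same integer-only check can be enforced in front of the application (for example in a reverse proxy or WAF rule) if the assumption about forum IDs holds for the deployment.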