
BoastMachine <= 3.1 'mail.php' id Parameter SQL Injection

High

Synopsis

The remote host is vulnerable to a SQL Injection attack.

Description

The remote host is running BoastMachine, a blogging application. This version of BoastMachine is vulnerable to a SQL injection flaw in the mail.php script. Specifically, a remote user can pass arbitrary SQL commands through the 'id' parameter of mail.php, and these commands are then executed on the database server.

Solution

Upgrade to a version higher than 3.1.
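
To check whether mail.php has been receiving unexpected 'id' values, the following added example (not part of the original advisory or of BoastMachine) scans web server access logs for such requests. It assumes 'id' is meant to be a purely numeric identifier, which the advisory does not state; the log lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; not taken from a real host.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /blog/mail.php?id=42 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /blog/mail.php?id=42%27 HTTP/1.1" 200 9000
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/index.php?id=7%27 HTTP/1.1" 200 300
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "POST /blog/mail.php HTTP/1.1" 200 100
192.0.2.14 - - [01/Jan/2024:10:00:20 +0000] "GET /blog/MAIL.PHP?x=1&id=5+UNION+SELECT+1 HTTP/1.1" 200 100
"""

# Client address, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_mail_requests(log_text):
    """Return (client, decoded_id) for mail.php requests whose id is not numeric.

    Assumption: a legitimate id is digits only. Values sent in a POST body
    are not recorded in access logs, so only query strings are inspected.
    """
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        # Case-insensitive match, since some servers ignore path case.
        if not url.path.lower().endswith("/mail.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not NUMERIC_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_mail_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric id {value!r}")
```
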