Test ID: | 1.3.6.1.4.1.25623.1.0.901111 |
Category: | Web application abuses |
Title: | glFusion Multiple SQL Injection Vulnerabilities |
Summary: | glFusion is prone to multiple SQL injection vulnerabilities. |
Description: |
Vulnerability Insight: The flaws are due to improper validation of user-supplied input passed via the 'order' and 'direction' parameters to 'search.php', which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Vulnerability Impact: Successful exploitation allows an attacker to perform SQL injection and gain access to sensitive information.
Affected Software/OS: glFusion version 1.1.2 and prior.
Solution: Upgrade to glFusion version 1.1.8 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-4796
BugTraq ID: 34281
http://www.securityfocus.com/bid/34281
Bugtraq: 20090329 glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit
http://www.securityfocus.com/archive/1/502260/100/0/threaded
http://www.exploit-db.com/exploits/8302
http://osvdb.org/52984
http://secunia.com/advisories/34519
XForce ISS Database: glfusion-class-sql-injection(49498)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49498 |
Copyright | Copyright (C) 2010 Greenbone AG |