|Category:||Web application abuses|
|Title:||phpRAINCHECK 'print_raincheck.php' SQL injection vulnerability|
|Summary:||Check for the version of phpRAINCHECK|
Overview: This host is running phpRAINCHECK and is prone to SQL injection
The flaw is caused by improper validation of user-supplied input via the 'id'
parameter in print_raincheck.php that allows attacker to manipulate SQL
queries by injecting arbitrary SQL code.
Successful exploitation will allow attacker to execute arbitrary SQL queries and
gain sensitive information.
Impact Level: Application
PHP RAINCHECK 1.0.1 and prior
No solution or patch is available as of 27th April, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://sourceforge.net/projects/phpraincheck/
BugTraq ID: 38521|
Common Vulnerability Exposure (CVE) ID: CVE-2010-1538
XForce ISS Database: phpraincheck-printraincheck-sql-injection(56578)
|Copyright||Copyright (C) 2010 SecPod|
|This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.