Web application abuses : bloofoxCMS 'gender' Parameter SQL Injection Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100877

Categoría: Web application abuses

Título: bloofoxCMS 'gender' Parameter SQL Injection Vulnerability

Resumen: bloofoxCMS is prone to an SQL-injection vulnerability because it fails to; sufficiently sanitize user-supplied data before using it in an SQL query.

Descripción: Summary:
bloofoxCMS is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Impact:
Exploiting this issue can allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Software/OS:
bloofoxCMS 0.3.5 is vulnerable. Other versions may also be affected.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4870
BugTraq ID: 44464
http://www.securityfocus.com/bid/44464
Bugtraq: 20101027 SQL injection in BloofoxCMS registration plugin (Google Search)
http://www.securityfocus.com/archive/1/514479/100/100/threaded
http://www.exploit-db.com/exploits/15328
http://packetstormsecurity.org/1010-exploits/bloofoxcms-sql.txt
http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html
http://securityreason.com/securityalert/8427
XForce ISS Database: bloofoxcms-name-sql-injection(62810)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62810

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100877
Categoría:	Web application abuses
Título:	bloofoxCMS 'gender' Parameter SQL Injection Vulnerability
Resumen:	bloofoxCMS is prone to an SQL-injection vulnerability because it fails to; sufficiently sanitize user-supplied data before using it in an SQL query.
Descripción:	Summary: bloofoxCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Vulnerability Impact: Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: bloofoxCMS 0.3.5 is vulnerable. Other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4870 BugTraq ID: 44464 http://www.securityfocus.com/bid/44464 Bugtraq: 20101027 SQL injection in BloofoxCMS registration plugin (Google Search) http://www.securityfocus.com/archive/1/514479/100/100/threaded http://www.exploit-db.com/exploits/15328 http://packetstormsecurity.org/1010-exploits/bloofoxcms-sql.txt http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html http://securityreason.com/securityalert/8427 XForce ISS Database: bloofoxcms-name-sql-injection(62810) https://exchange.xforce.ibmcloud.com/vulnerabilities/62810
Copyright	Copyright (C) 2010 Greenbone AG