Test ID: | 1.3.6.1.4.1.25623.1.0.20170 |
Category: | Web application abuses |
Title: | phpWebThings forum Parameter SQL Injection Vulnerabilities |
Summary: | The version of phpWebThings installed on the remote host does not properly sanitize user input in the 'forum' and 'msg' parameters of the 'forum.php' script before using it in database queries. |
Description: | Summary: The version of phpWebThings installed on the remote host does not properly sanitize user input in the 'forum' and 'msg' parameters of the 'forum.php' script before using it in database queries.
Vulnerability Impact: An attacker can exploit this vulnerability to display the usernames and passwords (MD5 hash) from the website and then use this information to gain administrative access to the affected application.
Solution: Apply the phpWebThings 1.4 forum patch referenced in the third URL above.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-3585
BugTraq ID: 15277
http://www.securityfocus.com/bid/15277
Bugtraq: 20051105 XSS & SQL injection in phpWebThing
http://marc.info/?l=bugtraq&m=113122187101383&w=2
Bugtraq: 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities
http://www.securityfocus.com/archive/1/419280/100/0/threaded
http://glide.stanford.edu/yichen/research/sec.pdf
http://www.osvdb.org/20441
http://secunia.com/advisories/17410/
XForce ISS Database: phpwebthings-forum-sql-injection(22972)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22972
Common Vulnerability Exposure (CVE) ID: CVE-2005-4218
BugTraq ID: 15465
http://www.securityfocus.com/bid/15465
https://www.exploit-db.com/exploits/1324
http://rgod.altervista.org/phpwebth14_xpl.html |
Copyright | Copyright (C) 2005 Ferdy Riphagen |