|Title:||OpenBB SQL injection|
The remote host seems to be running OpenBB, a forum management
There is a bug which allows an attacker to inject SQL command
when passing a single quote (') to the CID argument of the
file index.php, as in : GET /index.php?CID='
An attacker may use this flaw to gain credentials or to modify
Solution : If the remote host is running OpenBB, upgrade to the latest version
Risk factor : High
BugTraq ID: 7401|
BugTraq ID: 7404
BugTraq ID: 7405
|Copyright||This script is Copyright (C) 2003 Renaud Deraison|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.