paFileDB pafiledb.php Multiple Parameter SQL Injection

high Nessus Plugin ID 11478

Language:

Synopsis

The remote web server contains a PHP script that is affected by several SQL injection issues.

Description

The remote installation of paFileDB is vulnerable to SQL injection attacks because of its failure to sanitize input to the 'id' and 'rating' parameters to the 'pafiledb.php' script. An attacker may use this flaw to control your database.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/316053

Plugin Details

Severity: High

ID: 11478

File Name: pafiledb_sql_injection.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 3/26/2003

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/pafiledb

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7183