phpWebSite index.php Search Module SQL Injection

Severity: High. Nessus Plugin ID 20011

Synopsis

The remote web server contains a PHP script that is prone to SQL injection attacks.

Description

The remote host is running a version of phpWebSite that fails to sanitize user-supplied input to the 'module' parameter of the 'search' module before using it in database queries. An attacker may be able to exploit this issue to obtain sensitive information such as user names and password hashes or to launch attacks against the database.

Solution

Apply the security patch referenced in the vendor's advisory or upgrade to phpWebSite 0.10.2 or later.

See Also

https://seclists.org/fulldisclosure/2005/Oct/320

https://github.com/AppStateESS/phpwebsite

Plugin Details

Severity: High

ID: 20011

File Name: phpwebsite_search_sql_injection.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 10/14/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpwebsite:phpwebsite

Required KB Items: www/phpwebsite

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/7/2005

Reference Information

CVE: CVE-2005-4792

BID: 15088