Synopsis
The remote web server contains a PHP application that is affected by a SQL injection vulnerability.
Description
The version of the AEC Subscription Manager component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability in the acctexp.class.php script due to improper sanitization of user-supplied input to the 'usage' parameter before using it to construct database queries. Regardless of the PHP 'magic_quotes_gpc' setting, an unauthenticated, remote attacker can exploit this issue to manipulate database queries, resulting in disclosure of sensitive information, modification of data, or other attacks against the underlying database.
Solution
Unknown at this time.
Plugin Details
File Name: acctexp_usage_sql_injection.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Vulnerability Information
CPE: cpe:/a:joomla:joomla%5c%21
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: Exploits are available
Exploited by Nessus: true
Reference Information
BID: 29466