Scrutinizer < 9.0.1 d4d/alarms.php Multiple Parameters SQLi

high Nessus Plugin ID 58993

Synopsis

The remote web server hosts an application that is affected by a SQL injection vulnerability.

Description

The version of Scrutinizer installed on the remote web server is affected by a SQL injection vulnerability in multiple parameters of the 'd4d/alarms.php' script.

An unauthenticated, remote attacker can exploit this issue to manipulate database queries, which can lead to the disclosure of sensitive information or to further attacks against the underlying database.
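The following is an added illustration of the vulnerability class described above, not code from Scrutinizer or from the Nessus plugin. The advisory does not publish the affected parameter names or the application's SQL, so the table, the 'severity' filter parameter and the sample rows below are constructed stand-ins. It shows a query that concatenates a request parameter into SQL next to its parameterised form, the unauthenticated disclosure that the first allows (the whole table, then the schema via UNION), and the boolean probe a scanner uses to confirm injection without needing a working exploit.

```python
import sqlite3

# Constructed sample data; not Scrutinizer's schema or content.
ALARMS = [
    (1, "router-a", "high", "Interface saturation"),
    (2, "router-b", "low", "Flow export gap"),
    (3, "core-sw", "high", "Suspicious scan"),
]

def _connect():
    """In-memory database seeded with the constructed alarms table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alarms (id INTEGER, host TEXT, severity TEXT, message TEXT)")
    conn.executemany("INSERT INTO alarms VALUES (?, ?, ?, ?)", ALARMS)
    return conn

def alarms_vulnerable(severity):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so quotes and keywords in it are parsed as SQL."""
    conn = _connect()
    sql = "SELECT id, host, message FROM alarms WHERE severity = '" + severity + "'"
    return conn.execute(sql).fetchall()

def alarms_safe(severity):
    """Hardened pattern: the parameter is bound as a value and can never
    change the structure of the statement."""
    conn = _connect()
    sql = "SELECT id, host, message FROM alarms WHERE severity = ?"
    return conn.execute(sql, (severity,)).fetchall()

# Payloads an attacker would send in the filter parameter.
DUMP_ALL = "' OR '1'='1"
# Three columns to match the SELECT; the trailing comment swallows the closing quote.
DUMP_SCHEMA = "' UNION SELECT 0, name, sql FROM sqlite_master--"

def looks_injectable(query_fn, baseline="high"):
    """Boolean-based confirmation as a scanner would do it: a payload that keeps the
    condition true must reproduce the baseline response, while one that makes it
    false must change it. Parameterised code returns no rows for either probe, so
    the true-probe differs from the baseline and the check reports not injectable."""
    base = query_fn(baseline)
    always_true = query_fn(baseline + "' AND '1'='1")
    always_false = query_fn(baseline + "' AND '1'='2")
    return always_true == base and always_false != base

if __name__ == "__main__":
    print("vulnerable, dump all:", alarms_vulnerable(DUMP_ALL))
    print("vulnerable, schema:  ", alarms_vulnerable(DUMP_SCHEMA))
    print("safe, dump all:      ", alarms_safe(DUMP_ALL))
    print("vulnerable injectable?", looks_injectable(alarms_vulnerable))
    print("safe injectable?      ", looks_injectable(alarms_safe))
```

The probe in `looks_injectable` is the minimal evidence a plugin needs: it confirms that the parameter reaches the query parser without extracting anything, which is why a finding like this can be reported as "no exploit is required" while still being rated high.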

Note that this install is also likely to be affected by multiple other vulnerabilities, though Nessus has not tested for these.

Solution

Upgrade to Scrutinizer 9.0.1 or later.
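As an added example of the version check implied by this solution (not the plugin's own code), the function below decides whether a reported Scrutinizer version is below the fixed 9.0.1 release. It compares versions component-wise as integers, because a plain string comparison would rank "10.0" below "9.0.1" and report a patched install as affected; the dotted-numeric version format is assumed.

```python
FIXED_VERSION = "9.0.1"

def parse_version(text):
    """Split a dotted version such as '8.6.2' into a tuple of ints.
    Raises ValueError for non-numeric components."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version, fixed=FIXED_VERSION):
    """True if version sorts before the fixed release, False if not, and None when
    the version string cannot be parsed (so an unknown version is never silently
    reported as safe). A shorter tuple such as (9, 0) sorts before (9, 0, 1),
    which matches the meaning of '9.0 is earlier than 9.0.1'."""
    try:
        return parse_version(version) < parse_version(fixed)
    except ValueError:
        return None

if __name__ == "__main__":
    for v in ("8.6.2", "9.0", "9.0.1", "10.0", "unknown"):
        print(v, "->", is_affected(v))
```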

See Also

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2012-008/?fid=3789&dl=1

Plugin Details

Severity: High

ID: 58993

File Name: scrutinizer_alarms_sqli.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 5/4/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/scrutinizer_netflow_sflow_analyzer

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 4/11/2012

Vulnerability Publication Date: 4/11/2012

Exploitable With

Elliot (SonicWALL Scrutinizer 9.0.1 alarms.php SQL Injection)

Reference Information

CVE: CVE-2012-1259

BID: 52989