NConf delete_attr.php id Parameter SQL Injection

high Nessus Plugin ID 65721

Synopsis

The remote web server hosts a PHP script that is affected by a SQL injection vulnerability.

Description

The version of the NConf installed on the remote host is affected by a SQL injection vulnerability because it fails to properly sanitize user-supplied input to the 'id' parameter of the 'delete_attr.php' script. An attacker may be able to leverage this to manipulate data in the back-end database or disclose arbitrary data.

Note that the application is also reportedly affected by additional SQL Injection vulnerabilities and multiple cross-site scripting vulnerabilities as well as a path disclosure issue but Nessus has not tested for these additional issues.

Solution

Unknown at this time.

See Also

http://www.nessus.org/u?563f2f19

Plugin Details

Severity: High

ID: 65721

File Name: nconf_delete_attr_id_sql_injection.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 3/28/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: x-cpe:/a:nconf:nconf

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/4/2013

Reference Information

BID: 58295