bttlxeForum login.asp < 2.0 Multiple SQL Injection

medium Nessus Network Monitor Plugin ID 1559

Synopsis

The remote host is running bttlxeForum, a set of CGI scripts designed to manage a web-based forum server.

Description

This installation has a SQL injection vulnerability that allows an attacker to gain administrator privileges while logging in, or to take control of the remote database.

Solution

Upgrade to version 2.0 or higher.

See Also

http://www.nessus.org/u?6c26f56c

http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812

Plugin Details

Severity: Medium

ID: 1559

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11548

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:battleaxe_software:bttlxeforum

Reference Information

CVE: CVE-2003-0215

BID: 7416