The host is running AlefMentor and is prone to SQL Injection Vulnerability.
Successful exploitation could allow remote attackers to conduct SQL injection attacks. Impact Level: Application.
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Input passed via the 'cont_id' and 'courc_id' parameters to 'cource.php' is not properly sanitised before being used in a SQL query. This flaw can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
AlefMentor version 2.0 to 2.2 on all running platform.
- A Really Simple Chat Multiple SQL Injection Vulnerabilities
- Avenger's News System Command Execution
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- Apache Axis2 Document Type Declaration Processing Security Vulnerability