The host is running AlefMentor and is prone to SQL Injection Vulnerability.
Successful exploitation could allow remote attackers to conduct SQL injection attacks. Impact Level: Application.
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Input passed via the 'cont_id' and 'courc_id' parameters to 'cource.php' is not properly sanitised before being used in a SQL query. This flaw can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
AlefMentor version 2.0 to 2.2 on all running platform.
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities