Bacula-web is installed on this host and is prone to an SQL injection vulnerability.
Successful exploitation will allow an attacker to manipulate SQL queries in the backend database and disclose certain sensitive information. Impact Level: Application
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://www.bacula-web.org
The flaw is due to the joblogs.php script not properly sanitizing user-supplied input to the 'jobid' parameter.
Bacula-web version 5.2.10. Other versions may also be affected.
Send a crafted request via HTTP GET and check whether it is able to execute an SQL query or not.
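With no patch available for the unsanitized 'jobid' parameter described above, the following added example (not Bacula-web's own code) shows one way a handler can validate the value and bind it as an integer before it reaches the database. The function names, the `Log` table layout and the sample rows are assumptions constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a positive decimal integer for 'jobid'.
// Arrays (jobid[]=...), empty strings, signs, leading zeros and values that
// overflow a PHP int are all rejected.
function parse_jobid($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical query function: the value is bound as an integer parameter,
// so it is never concatenated into the SQL text.
function fetch_job_logs(PDO $db, int $jobid): array
{
    $stmt = $db->prepare(
        'SELECT Time, LogText FROM Log WHERE JobId = :jobid ORDER BY Time'
    );
    $stmt->bindValue(':jobid', $jobid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Log (JobId INTEGER, Time TEXT, LogText TEXT)');
$db->exec("INSERT INTO Log VALUES
    (1, '2015-02-20 10:00:00', 'job 1 started'),
    (2, '2015-02-20 11:00:00', 'job 2 started')");

// Constructed sample values standing in for $_GET['jobid'].
foreach (['1', '2', '1 OR 1=1', '', '-1', '007', '9999999999999999999999'] as $raw) {
    $jobid = parse_jobid($raw);
    if ($jobid === null) {
        // A real handler would answer with HTTP 400 and log the request.
        printf("%-26s rejected\n", var_export($raw, true));
        continue;
    }
    $rows = fetch_job_logs($db, $jobid);
    printf("%-26s %d row(s)\n", var_export($raw, true), count($rows));
}
```

Only the values '1' and '2' reach the query, each returning the single row for that job; every other value is rejected before any SQL is prepared.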