This host is running Campsite and is prone to SQL injection vulnerability.

Successful exploitation will allow attacker to manipulate SQL queries by injecting arbitrary SQL code, which leads to view, add, modify or delete information in the back-end database. Impact Level: Application

Apply patch or Upgrade to Campsite version 3.3.6 or later, http://www.sourcefabric.org/en/home/web/6/campsite.htm?tpl=18 http://www.sourcefabric.org/en/home/web_news/65/important-security-patch-for-campsite-3.2-and-above.htm?tpl=32 ***** NOTE: Please ignore the warning if the patch is applied. *****

The flaw is due to improper validation of user supplied input via the 'article_id' parameter to 'javascript/tinymce/plugins/campsiteattachment/attachments.php', which is not properly sanitised before being used in SQL queries.

Campsite version 3.3.5 and prior

• http://php-security.org/2010/05/01/mops-2010-002-campsite-tinymce-article-attachment-sql-injection-vulnerability/index.html
• http://secunia.com/advisories/39580
• http://xforce.iss.net/xforce/xfdb/58285

---

Updated on 2015-03-25