Devana 'id' SQL Injection Vulnerability Network Vulnerability

Summary

The host is running Devana and is prone to SQL injection vulnerability.

Impact

Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information. Impact Level: Application

Solution

Upgrade to Devena-v2_beta-1 or later, For updates refer to http://sourceforge.net/projects/devana

Insight

The flaw is caused by improper validation of user-supplied input via the 'id' parameter in 'profile_view.php' which allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

Affected

Devana Version 1.6.6 and prior.

References

http://packetstormsecurity.org/1003-exploits/devana-sql.txt
http://secunia.com/advisories/39121
http://www.exploit-db.com/exploits/11922

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2673
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AVTECH DVR Multiple Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities
ActivePerl perlIS.dll Buffer Overflow
ALCASAR Remote Code Execution Vulnerability
ARRIS 2307 Unprotected Web Console

Take action and discover your vulnerabilities