Summary
The remote web server contains a PHP script which is vulnerable to a SQL injection.
Description :
The remote web server hosts Digital Scribe, a student-teacher set of scripts written in PHP.
The version of Digital Scribe installed on the remote host is prone to SQL injection attacks through the 'login.php' script. A malicious user may be able to exploit this issue to manipulate database queries to, say, bypass authentication.
Solution
Unknown at this time.
Severity
Classification
-
CVE CVE-2005-2987 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities