Summary
The host is running PHP and is prone to an SQL injection vulnerability.
Impact
Successful exploitation could allow attackers to inject SQL code into the affected user application, which may also lead to other attacks.
Impact Level: Application
Solution
Upgrade to a higher version:
http://www.php.net/downloads.php
Insight
The flaw is due to an improper field change in FILTER_UNSAFE_RAW. This can be exploited when the magic_quotes_gpc setting is disabled.
Affected
PHP version 5.2.7 on all platforms.
References
Severity
Classification
CVE: CVE-2008-5844
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities