GlFusion Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

This host is running glFusion and is prone to multiple SQL injection vulnerabilities.

Impact

Successful exploitation will let the attacker cause SQL injection attack and gain sensitive information. Impact Level: Application

Solution

Upgrade to the latest version of glFusion 1.1.8 or later, For updates refer to http://www.glfusion.org/filemgmt/index.php

Insight

The flaws are due to improper validation of user supplied input via the 'order' and 'direction' parameters to 'search.php' that allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

Affected

glFusion version 1.1.2 and prior.

References

http://secunia.com/advisories/34519
http://www.securityfocus.com/archive/1/archive/1/502260/100/0/threaded

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-4796
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Advantech WebAccess Multiple Vulnerabilities
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Apple Safari RSS Feed Information Disclosure Vulnerability

glFusion Multiple SQL Injection Vulnerabilities

Take action and discover your vulnerabilities