Summary
The remote host is running last10.php, an unofficial plugin for vBulletin that lets users add a revolving ticker showing the last 10 topics of their forum.
This set of scripts may be vulnerable to SQL injection, allowing an attacker to cause the program to execute arbitrary SQL statements.
Solution
Upgrade to the latest version of this software or disable it.
Severity
Classification
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- Adobe ColdFusion Directory Traversal Vulnerability
- Allegro RomPager `Misfortune Cookie` Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- 68designs 68kb Multiple Remote File Include Vulnerabilities