| VID |
21419 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
INL Ulog-php has a SQL injection vulnerability in its 'port.php' script. INL Ulog-php is a firewall log interface developed in PHP for Unix and Linux-based operating systems. Versions of Ulog-php prior to 0.8.2 are vulnerable to a SQL injection attack because the application fails to properly sanitize user-supplied URI data before including it in an SQL query. By sending a specially crafted request to the 'port.php' script with SQL commands embedded in the 'proto' parameter, a remote attacker could obtain sensitive information and add, modify or delete data in the backend database.
* References:
  * http://www.osvdb.org/displayvuln.php?osvdb_id=9098
  * http://securitytracker.com/alerts/2004/Aug/1011031.html
* Platforms Affected: INL Ulog-php prior to 0.8.2; Linux, any version; Unix, any version |
| Recommendation |
Upgrade to the latest version of Ulog-php (0.8.2 or later), available from the Ulog-php Web page at http://www.inl.fr/article.php3?id_article=7 |
| Related URL |
CVE-2004-2062 (CVE) |
| Related URL |
11018 (SecurityFocus) |
| Related URL |
17088 (ISS) |
|