VID 21568
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description A version of CoolForum older than 0.7.3 was detected on the host. CoolForum is a Web forum application written in PHP. CoolForum versions prior to 0.7.3 could allow a remote attacker to carry out HTML and SQL injection attacks. Multiple SQL injection vulnerabilities can allow a remote attacker to inject arbitrary SQL queries into the database used by CoolForum, and multiple HTML injection vulnerabilities can allow theft of cookie-based authentication credentials and other attacks.

* Note: This check relies solely on the version number of the CoolForum software installed on the remote Web server to assess this vulnerability, so the result might be a false positive.

* References:
http://securitytracker.com/alerts/2005/Jan/1012985.html

* Platforms Affected:
SORIANO Denis / Cool Coyote, CoolForum versions prior to 0.7.3
Any operating system Any version
Recommendation Upgrade to the latest version of CoolForum (0.7.3 beta or later), available at the CoolForum Web site at http://www.coolforum.net/index.php?p=dlcoolforum
Related URL (CVE)
Related URL 12392 (SecurityFocus)
Related URL 19069,19070,19073 (ISS)