VID | 21799
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Land Down Under (LDU), a web site content management system (CMS) written in PHP, is vulnerable to SQL injection through the 'Referer' HTTP request header. Land Down Under version 801 and earlier versions do not properly filter the value of the 'Referer' header before using it in database queries, so a remote attacker who sends a crafted header could execute arbitrary SQL commands. This could allow the attacker to disclose data, alter the logic of the affected query, modify data, or mount further attacks against the database itself. Successful exploitation requires that "magic_quotes_gpc" is disabled.
* References: http://secunia.com/advisories/16878/
* Platforms Affected: Neocrome Services, Land Down Under version 801 and earlier versions; any operating system, any version
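The injection condition described above, illustrated with an added Python/sqlite3 model that is not LDU's code and not part of the original entry: a CMS routine that records the Referer header in a table by splicing it into the SQL text, beside the parameterised form. The table schema, the query and the header values are assumptions made for the demonstration. SQLite has no backslash string escape, so quote doubling stands in for the backslash escaping that magic_quotes_gpc (or addslashes()) applies in PHP; what matters for the advisory's condition is that the attacker's quote stops terminating the string literal.

```python
import sqlite3

# Constructed header values for the demonstration (not taken from the advisory).
BENIGN_REFERER = "http://example.org/"
INJECTED_REFERER = "http://example.org/' OR 1=1 --"


def make_db():
    """Hypothetical referrer-tracking table; LDU's real schema is not shown here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE referers (id INTEGER PRIMARY KEY, url TEXT, hits INTEGER)")
    db.executemany(
        "INSERT INTO referers (url, hits) VALUES (?, ?)",
        [("http://example.org/", 0), ("http://example.net/", 0), ("http://example.com/", 0)],
    )
    return db


def escape_like_magic_quotes(value):
    """Stand-in for the quote escaping magic_quotes_gpc / addslashes() add in PHP.
    PHP puts a backslash before each quote (the MySQL form); SQLite has no backslash
    escape, so the equivalent here is doubling the single quote. Either way the
    attacker's quote no longer closes the string literal."""
    return value.replace("'", "''")


def build_vulnerable_query(referer, magic_quotes=False):
    """The vulnerable pattern: the header value is spliced into the SQL text."""
    if magic_quotes:
        referer = escape_like_magic_quotes(referer)
    return "UPDATE referers SET hits = hits + 1 WHERE url = '" + referer + "'"


def log_referer_vulnerable(db, referer, magic_quotes=False):
    """Runs the concatenated query and returns how many rows it touched."""
    return db.execute(build_vulnerable_query(referer, magic_quotes)).rowcount


def log_referer_safe(db, referer):
    """Hardened form: the header is bound as a parameter and never parsed as SQL."""
    return db.execute(
        "UPDATE referers SET hits = hits + 1 WHERE url = ?", (referer,)
    ).rowcount


def hits(db):
    """Hit counters in table order, to show which rows a query actually changed."""
    return [row[0] for row in db.execute("SELECT hits FROM referers ORDER BY id")]


if __name__ == "__main__":
    print(build_vulnerable_query(INJECTED_REFERER))
    print("vulnerable, magic_quotes off:", log_referer_vulnerable(make_db(), INJECTED_REFERER))
    print("vulnerable, magic_quotes on: ", log_referer_vulnerable(make_db(), INJECTED_REFERER, True))
    print("parameterised:               ", log_referer_safe(make_db(), INJECTED_REFERER))
```

With magic quotes off, the injected header turns the WHERE clause into `url = '...' OR 1=1 --'`, so every row is updated (the "modification of the query logic" the description refers to); with the escaping in place the same value matches nothing, which is why the advisory conditions exploitation on magic_quotes_gpc being disabled. Only the parameterised variant is a fix: magic_quotes_gpc was a global crutch, deprecated in PHP 5.3 and removed in PHP 5.4, and an application that relies on it is exposed on any installation where it is off.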
Recommendation |
Upgrade to the latest version of Land Down Under (802 or later), available from the Land Down Under web site at http://www.neocrome.net
Related URLs |
* CVE-2005-4711 (CVE)
* 14896 (SecurityFocus)
* 22352 (ISS)