Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.800628 |
Kategorie: | Web application abuses |
Titel: | Claroline 'notfound.php' Cross-Site Scripting Vulnerability |
Zusammenfassung: | The host is running Claroline and is prone to SQL Injection; Vulnerability. |
Beschreibung: | Summary: The host is running Claroline and is prone to SQL Injection Vulnerability. Vulnerability Insight: The flaw is due to: - error in 'claroline/linker/notfound.php' which is not properly sanitising input data passed via the 'Referer' header, before being returned to the user. - error in 'group/group.php' which is not properly sanitising input data passed to the 'sort' parameter, before being used in an SQL query. Vulnerability Impact: Successful exploitation will allow attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: Claroline Version 1.8.11 and prior. Solution: Upgrade to the version version 1.8.12 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Querverweis: |
BugTraq ID: 34883 Common Vulnerability Exposure (CVE) ID: CVE-2009-1907 http://www.securityfocus.com/bid/34883 Bugtraq: 20090508 Claroline v.1.8.11 Cross-Site Scripting (Google Search) http://www.securityfocus.com/archive/1/503365/100/0/threaded http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html http://www.securitytracker.com/id?1022198 http://secunia.com/advisories/35019 XForce ISS Database: claroline-notfound-xss(50404) https://exchange.xforce.ibmcloud.com/vulnerabilities/50404 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |