NASLDB: Chipmunk CMScore Multiple Script SQL Injection
General
ID: 16320
Name: Chipmunk CMScore Multiple Script SQL Injection
Summary: Checks if Chipmunk CMScore is vulnerable to a SQL injection attack
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:H/RL:U/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host is running Chipmunk CMScore, a web-based software
written in PHP.
The remote version of this software is affected by several SQL
injection vulnerabilities that may allow an attacker to execute
arbitrary SQL statements using the remote SQL database.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2005-0368
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2005/02/05
Patch Release: –
Plugin Release: 2005/02/08
Plugin
Version: 1.18
Filename: chipmonk_cmscore_sql.nasl
Filesize: 2843 bytes
MD5 Hash: c5c17e944844e05132eaffb6033a6f03
Identification: –
Require Keys: www/PHP
Dependencies: "http_version.nasl", "cross_site_scripting.nasl"
Copyright: This script is Copyright© 2005-2011 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack