• IDP Daily Update #1254
  posted: 09/05/08
  
• NSM Daily Update #1254
  posted: 09/05/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1254
  posted: 09/05/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1252
  posted: 09/05/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 09/05/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: SEO-Board Admin.PHP SQL Injection Vulnerability

Severity: HIGH

Description:

SEO-Board is a forum application written in PHP.

SEO-Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied cookie data that is processed by the 'admin.php' script. A malicious user may embed SQL syntax in cookies to perform SQL injection attacks. As a result, the attacker may gain administrative access to the affected application.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Affected Products:

• SEO-Board SEO-Board 1.0.2

References:

• Rush Security Team <www.rst.void.ru>: SEO-Board - SQL injection throu cookie
• SEO-board: SEO-board Web Page