HTTP: FactoSystem CMS SQL Injection

This signature detects attempts to exploit a known vulnerability in the FactoSystem Content Management System (CMS). Attackers can inject instructions into a SQL query to create an unauthorized CMS account.

Extended Description

FactoSystem Weblog is a freely available, open source software package for weblogging and managing content. It is available for Microsoft Windows operating systems. FactoSystem does not adequately filter special characters from requests. As a result, a remote user may be able to submit a request containing encoded special characters and SQL, and execute arbitrary commands. This could lead to execution of SQL commands in the security context of the web database user.

Affected Products

Factosystem factosystem_weblog

Short Name
HTTP:SQL:INJ:FACTO-CMS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CMS CVE-2002-1499 FactoSystem Injection SQL bid:5600
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Factosystem

CVSS Score

7.5
