HTTP: L-Forum SQL Injection

This signature detects attempts to exploit a known vulnerability in the L-Forum Web BBS package. The search.php script does not properly escape queries that are passed to it from the URL. Attackers can use a maliciously crafted URL in a Web browser to perform a SQL injection attack.

Extended Description

Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php': L-Forum does not properly sanitize user input that is used as part of the search parameter. SQL code may be inserted into the requests and executed by the database server.

Affected Products

Leszek_krupinski l-forum

Short Name: HTTP:SQL:INJ:L-FORUM
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: CVE-2002-1457 Injection L-Forum SQL bid:5468
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Leszek_krupinski

CVSS Score

7.5
