Short Name | HTTP:SQL:INJ:L-FORUM |
---|---|
Severity | Minor |
Recommended | No |
Category | HTTP |
Keywords | L-Forum SQL Injection |
Release Date | 2003/04/22 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the L-Forum Web BBS package. The search.php script does not properly escape queries that are passed to it from the URL. Attackers can use a maliciously crafted URL in a Web browser to perform a SQL injection attack.

Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php': L-Forum does not properly sanitize user input that is used as part of the search parameter in that file. SQL code may be inserted into the requests and executed by the database server.