Overview
SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data.
Description
SkyPortal is a modular web portal and online community system that includes web-based administration, user-selectable skins, a user control panel, and additional modules such as Public Events Calendar, Classifieds Manager, WebLinks Manager, Download Manager, Article Manager, and Picture Manager. There are multiple vulnerabilities in a number of pages and functions. These include nc_top.asp, inc_bookmarks.asp, inc_profile_functions.asp, inc_SUBSCRIPTIONS.asp, Avatar_URL, LINK1, and LINK2. Submitting maliciously crafted SQL commands to any of these functions could trigger the vulnerabilities.
Impact
By sending specially crafted SQL statements to any of the stated functions, a remote, unauthenticated attacker could gain access to the back-end database and add, modify, or remove data. Attackers are using automated tools to inject malicious content into vulnerable sites.
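Added detection example, not code from the advisory or from SkyPortal: a Python scan over constructed IIS W3C log lines that flags SQL syntax in query-string parameters and rates hits against the pages and parameters named above as high. The /skyportal/ install path, the log field layout, and the sample requests are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Pages and parameters the advisory names as affected, matched by file name only;
# the /skyportal/ prefix used in the sample log is an assumed install path.
AFFECTED_PAGES = {"nc_top.asp", "inc_bookmarks.asp", "inc_profile_functions.asp",
                  "inc_subscriptions.asp"}
AFFECTED_PARAMS = {"avatar_url", "link1", "link2"}

# Coarse indicators of SQL syntax inside a decoded parameter value.
SQL_SYNTAX = re.compile(r"'|--|;|/\*|\b(union|select|insert|update|delete|drop|exec|declare)\b",
                        re.IGNORECASE)

# Constructed IIS W3C log excerpt (not from a real server): a benign request, one with a
# quote-and-comment sequence in an affected page's parameter, one with a harmless Avatar_URL.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-06-11 10:00:01 203.0.113.5 GET /skyportal/inc_bookmarks.asp id=42 200
2008-06-11 10:00:02 203.0.113.5 GET /skyportal/inc_bookmarks.asp id=42%27-- 500
2008-06-11 10:00:03 198.51.100.9 GET /skyportal/profile.asp Avatar_URL=http%3A%2F%2Fexample.com%2Fa.gif 200
"""

def parse_iis_line(line):
    """Split one W3C log line into a dict; returns None for directives and short lines."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    _date, _time, c_ip, method, stem, query, status = parts[:7]
    return {"ip": c_ip, "method": method, "stem": stem,
            "query": "" if query == "-" else query, "status": status}

def flag_request(rec):
    """Return (param, severity) pairs; 'high' when the page or parameter is one the
    advisory lists, 'low' for SQL syntax seen anywhere else."""
    findings = []
    page = rec["stem"].rsplit("/", 1)[-1].lower()
    for name, values in parse_qs(rec["query"], keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)  # parse_qs decoded once; this catches double encoding
            if SQL_SYNTAX.search(decoded):
                listed = page in AFFECTED_PAGES or name.lower() in AFFECTED_PARAMS
                findings.append((name, "high" if listed else "low"))
    return findings

def scan_log(lines):
    """Return (ip, page, param, severity) for every flagged parameter in the log."""
    return [(rec["ip"], rec["stem"].rsplit("/", 1)[-1], name, sev)
            for rec in map(parse_iis_line, lines) if rec
            for name, sev in flag_request(rec)]
```

Run it as `scan_log(SAMPLE_LOG.splitlines())`; only the second sample request is reported, as a high-severity hit on inc_bookmarks.asp.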
Solution
This vulnerability was addressed in SkyPortal 1.0 and later.
Vendor Information
CVSS Metrics
Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |
References
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6078
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6078
- http://xforce.iss.net/xforce/xfdb/38595
- http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=207402562
- http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html
- http://www.owasp.org/index.php/SQL_Injection
Acknowledgements
The BugReport Security Research & Penetration Testing Group is credited with the discovery of these vulnerabilities.
This document was written by Joseph Pruszynski.
Other Information
CVE IDs: CVE-2007-6078
Severity Metric: 26.21
Date Public: 2007-11-21
Date First Published: 2008-06-11
Date Last Updated: 2008-06-11 18:21 UTC
Document Revision: 17