GNUTurk.TID.Parameter.Forum.SQL.Injection
Description
This indicates an attempt to exploit a SQL injection vulnerability in GNUTURK.
A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "mods.php" script with injecting SQL statements in "t_id" parameter.
Affected Products
GNUTURK PORTAL 2G and prior.
Impact
Data Manipulation.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |