{"vuid":"VU#315107","idnumber":"315107","name":"SkyPortal contains multiple SQL injection vulnerabilities","keywords":["SkyPortal","sql injection","cp_main.asp"],"overview":"SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data.","clean_desc":"SkyPortal is a modular web portal and online community system that includes web-based administration, user selectable skins, user control panel and additional modules such as Public Events Calendar, Classifieds Manager, WebLinks Manager, Download Manager, Article Manager, and Picture Manager. There are multiple vulnerabilities in a number of pages and functions. These include nc_top.asp, inc_bookmarks.asp, inc_profile_functions.asp, inc_SUBSCRIPTIONS.asp, Avatar_URL, LINK1, and LINK2. Processing of maliciously crafted SQL commands to any of these functions could trigger the vulnerabilities. Any web site developed with vulnerable versions of SkyPortal will (or is likely to) contain SQL injection vulnerabilities.","impact":"By sending specially crafted SQL statements to any of the stated functions, a remote, unauthenticated attacker could gain access to the system to add, modify or remove data. Attackers are using automated tools to inject malicious content into vulnerable sites.","resolution":"This vulnerability was addressed in SkyPortal 1.0 and later.","workarounds":"","sysaffected":"","thanks":"The BugReport Security Research & Penetration Testing Group is credited with the discovery of these vulnerabilities.","author":"This document was written by Joseph Pruszynski.","public":["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6078","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6078","http://xforce.iss.net/xforce/xfdb/38595","http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=207402562","http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html","http://www.owasp.org/index.php/SQL_Injection"],"cveids":["CVE-2007-6078"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-11-23T17:10:18Z","publicdate":"2007-11-21T00:00:00Z","datefirstpublished":"2008-06-11T18:21:16Z","dateupdated":"2008-06-11T18:21:33Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"16","cam_exploitation":"16","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"13","cam_easeofexploitation":"16","cam_attackeraccessrequired":"16","cam_scorecurrent":"26.208","cam_scorecurrentwidelyknown":"28.704","cam_scorecurrentwidelyknownexploited":"31.2","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":26.208,"vulnote":null}