Short Name |
HTTP:SQL:INJ:FACTO-CMS |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
FactoSystem CMS SQL Injection |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the FactoSystem Content Management System (CMS). Attackers can introduce instructions into a SQL query to create a non-authorized CMS account.
FactoSystem Weblog is a freely available, open source software package for weblogging and managing content. It is available for Microsoft Windows operating systems. FactoSystem does not adequately filter special characters from requests. Because of this, it may be possible for a remote user to submit a request containing encoded special characters and SQL, and execute arbitrary commands. This could lead to execution of SQL commands in the security context of web database user.