Intrusion Prevention

Softbiz.reportlink.php.sbresid.SQL.Injection

Description

This indicates an attacker attempted an SQL Injection attack against the Softbiz Resource Repository Script.
"Softbiz Resource Repository Script contains a flaw that may allow an attacker to carry out SQL injection attacks. The flaw is in the "report_link.php" script not properly sanitizing user-supplied input to the "sbres_id" variable. A successful exploit can allow an attacker to execute SQL queries against the database.

Affected Products

Softbiz Resource Repository Script 1.1 .

Impact

Compromise of the Database.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.

CVE References

CVE-2005-3879