Intrusion Prevention

Softbiz.Detailsres.Sbresid.SQL.Injection

Description

This indicates an attacker attempted an SQL Injection attack against the Softbiz Resource Repository Script.
Softbiz Resource Repository Script contains multiple flaws that may allow an attacker to carry out SQL injection attacks. The problems are in the sbres_id parameter in details_res.php, refer_friend.php, and report_link.php, and the sbcat_id parameter in showcats.php. A successful exploit can allow an attacker to execute SQL queries into the database.

Affected Products

Softbiz Resource Repository Script 1.1 .

Impact

Compromise of the Database.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.

CVE References

CVE-2005-3879