Intrusion Prevention

GNUTurk.TID.Parameter.SQL.Injection

Description

GNUTURK has an SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "mods.php" script with injecting SQL statements in "t_id" parameter.

Affected Products

GNUTURK PORTAL 2G and prior.

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.gnuturk.com/

CVE References

CVE-2006-4867