PCI: Security Metrics Perimeter scan produced: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.

Description: CGI Generic SQL Injection (blind, time based)

Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.

Impact: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Security Metrics was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.

Note that this script is experimental and may be prone to false positives.

To validate whether this is a false positive, follow the steps below:

  1. Log into NetCommunity as a Supervisor
  2. Navigate to Administration > Sites & Settings
  3. Select the affected site in the left column
  4. Once the Site screen appears, navigate to the bottom of the page to Single Sign-On Authentication
  5. Ensure Single Sign-On Authentication is marked, then click Save
  6. Rescan the site
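
Because the finding rests only on slower responses, the web server's own logs can show whether the delay was specific to the scanner's requests or whether the page is slow for everyone. The following is an added example, not part of the original article or the product: it assumes W3C extended logs with a time-taken field, a known scanner IP, and arbitrary thresholds (factor, floor_ms); the log lines and addresses are constructed.

```python
import statistics
from collections import defaultdict

# Constructed sample in W3C extended log format (time-taken is in milliseconds).
# IPs are documentation addresses; 203.0.113.10 stands in for the scanner.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2024-01-10 02:00:01 198.51.100.7 GET /page.aspx 200 180
2024-01-10 02:00:05 198.51.100.8 GET /page.aspx 200 210
2024-01-10 02:00:09 198.51.100.9 GET /page.aspx 200 195
2024-01-10 02:01:00 203.0.113.10 GET /page.aspx 200 205
2024-01-10 02:01:02 203.0.113.10 GET /page.aspx 200 5230
2024-01-10 02:01:09 203.0.113.10 GET /page.aspx 200 5190
2024-01-10 02:02:00 198.51.100.7 GET /report.aspx 200 4800
2024-01-10 02:02:09 198.51.100.8 GET /report.aspx 200 5600
2024-01-10 02:03:00 203.0.113.10 GET /report.aspx 200 5400
"""

def parse(log_text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def triage(log_text, scanner_ip, factor=5, floor_ms=3000):
    """Per URL: are the scanner's requests slow relative to everyone else's?"""
    base, scan = defaultdict(list), defaultdict(list)
    for row in parse(log_text):
        bucket = scan if row["c-ip"] == scanner_ip else base
        bucket[row["cs-uri-stem"]].append(int(row["time-taken"]))
    verdicts = {}
    for url, times in scan.items():
        if not base[url]:
            verdicts[url] = "no-baseline"
            continue
        median = statistics.median(base[url])
        slow = [t for t in times if t >= floor_ms and t >= factor * median]
        # A page that is slow for every client is a likely false-positive source.
        verdicts[url] = "investigate" if slow else "consistent-with-baseline"
    return verdicts

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_LOG, "203.0.113.10").items():
        print(url, verdict)
```

A "consistent-with-baseline" verdict supports the false-positive reading for that URL; "investigate" means the delay appeared only on scanner requests and the page's input handling should be reviewed.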
     
How to troubleshoot failures of PCI scan reports

Environment

 6.58.806 Patch 6
