PCI: Security Metrics Perimeter scan produced: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.

Description: CGI Generic SQL Injection (blind, time based)

Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.

Impact: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Security Metrics was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.

Note that this script is experimental and may be prone to false positives.

To validate whether this is a false positive, follow the steps below:

  1. Log into NetCommunity as a Supervisor
  2. Navigate to Administration > Sites & Settings
  3. Select the affected site in the left column
  4. Once the Site screen appears, navigate to the bottom of the page to Single Sign-On Authentication
  5. Ensure Single Sign-On Authentication is marked, then click Save
  6. Rescan the site
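
A complementary log-side check, added here as an example (it is not Blackbaud's or Security Metrics' code): it reads web server logs and tests whether the response time on a flagged page rose by the delay each scanner probe requested, which is the relationship a time-based finding infers. It assumes IIS W3C logging with `cs-uri-query` and `time-taken` enabled and probes that use SQL Server `WAITFOR DELAY` syntax; the log lines, IP addresses and page names are constructed.

```python
import re
from statistics import median
from urllib.parse import unquote_plus

# Constructed IIS W3C log (not real scan data); IPs and page names are placeholders; time-taken is in ms.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status time-taken
2024-01-10 02:00:01 198.51.100.7 GET /page.aspx pid=183 200 400
2024-01-10 02:00:02 203.0.113.9 GET /page.aspx pid=183 200 420
2024-01-10 02:00:03 203.0.113.9 GET /page.aspx pid=183;WAITFOR+DELAY+'0:0:3'-- 200 3430
2024-01-10 02:00:09 203.0.113.9 GET /page.aspx pid=183;WAITFOR+DELAY+'0:0:6'-- 200 6450
2024-01-10 02:01:01 198.51.100.7 GET /search.aspx q=gala 200 2900
2024-01-10 02:01:05 203.0.113.9 GET /search.aspx q=gala 200 3100
2024-01-10 02:01:09 203.0.113.9 GET /search.aspx q=gala;WAITFOR+DELAY+'0:0:3'-- 200 3050
2024-01-10 02:01:13 203.0.113.9 GET /search.aspx q=gala;WAITFOR+DELAY+'0:0:6'-- 200 2950
"""

DELAY_RE = re.compile(r"waitfor\s+delay\s+'(\d+):(\d+):(\d+)'", re.I)  # SQL Server syntax (assumed)

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def requested_delay_ms(query):
    """Delay a probe asked the database for, in ms; 0 for an ordinary request."""
    m = DELAY_RE.search(unquote_plus(query))
    return ((int(m[1]) * 60 + int(m[2])) * 60 + int(m[3])) * 1000 if m else 0

def triage(text, scanner_ip, tolerance_ms=500):
    """Per URI stem, report whether time-taken rose by the delay each probe requested."""
    base, probes = {}, {}
    for r in parse_w3c(text):
        delay, taken = requested_delay_ms(r["cs-uri-query"]), int(r["time-taken"])
        if delay == 0:
            base.setdefault(r["cs-uri-stem"], []).append(taken)
        elif r["c-ip"] == scanner_ip:
            probes.setdefault(r["cs-uri-stem"], []).append((delay, taken))
    verdicts = {}
    for stem in probes.keys() & base.keys():  # pages without a baseline are skipped
        normal = median(base[stem])
        # An executed delay adds about the requested time to the normal response, on every probe.
        tracks = all(abs(taken - normal - delay) <= tolerance_ms for delay, taken in probes[stem])
        verdicts[stem] = "tracks delay: investigate" if tracks else "no correlation: likely false positive"
    return verdicts
```

Calling `triage(SAMPLE_LOG, "203.0.113.9")` separates a page whose latency follows the requested delay from one that is simply slow for every request, the usual source of a time-based false positive.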
     

Environment

 6.58.806 Patch 6
