The Fobuc Guestbook contains a SQL injection vulnerability: the value of the "category" parameter in GET requests sent to index.php is later used in a SQL query without being sanitized. If properly leveraged, this vulnerability may allow a remote attacker to inject SQL commands into the target database.
Affected versions: Fobuc Guestbook 0.9 and earlier.
A remote attacker is able to insert SQL commands into the value of the "category" parameter, which is then used in a query, allowing the attacker to query the database and possibly gain access to sensitive information. This access may in turn be leveraged against other sensitive components of the website or of publicly facing infrastructure.
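As an added illustration of the defect class (example code, not Fobuc's own): a hypothetical lookup that concatenates the category value into the SQL text, beside a parameterized version, both run against a constructed in-memory SQLite table.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a guestbook's entries table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE entries (id INTEGER PRIMARY KEY, category TEXT, author TEXT, message TEXT)"
    )
    conn.executemany(
        "INSERT INTO entries (category, author, message) VALUES (?, ?, ?)",
        [("general", "alice", "hello"),
         ("general", "bob", "hi there"),
         ("private", "admin", "internal note")],
    )
    return conn


def vulnerable_lookup(conn, category):
    """Hypothetical vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT author, message FROM entries WHERE category = '" + category + "' ORDER BY id"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, category):
    """Hardened form: the value is bound as a parameter and can never alter the query."""
    sql = "SELECT author, message FROM entries WHERE category = ? ORDER BY id"
    return conn.execute(sql, (category,)).fetchall()


def demo_results(conn):
    """Compare both lookups on ordinary and hostile input; returns a dict for checking."""
    hostile = "x' OR '1'='1"  # constructed input: closes the quote and appends a tautology
    try:
        vulnerable_lookup(conn, "sam's")  # a plain apostrophe already reaches the SQL parser
        apostrophe_error = False
    except sqlite3.OperationalError:
        apostrophe_error = True
    return {
        "vuln_normal": len(vulnerable_lookup(conn, "general")),
        "vuln_hostile": len(vulnerable_lookup(conn, hostile)),   # every row, private included
        "safe_hostile": len(safe_lookup(conn, hostile)),         # treated as a literal string
        "safe_apostrophe": safe_lookup(conn, "sam's"),
        "vuln_apostrophe_error": apostrophe_error,
    }


if __name__ == "__main__":
    print(demo_results(make_db()))
```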
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 19304 - Fobuc Guestbook SQL Injection Vulnerability (20130612) (Zero-Day)
No mitigation is currently available.