A Nessus scan returns the following vulnerability. Can you provide me with a statement that this is not an issue, or fix/change it to not be flagged by the scanner? I am sure other customers have run into this already; it should be a FAQ. Thanks.
The following URLs seem to be vulnerable to BLIND SQL injection techniques :

/public/checklogin.htm?loginurl=&password=&guiselect=radio+AND+1=1&username=

An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.

Solution : Modify the relevant CGIs so that they properly escape arguments

Risk factor : High

See also : http://www.securitydocs.com/library/2651