I've been running some vunlnerability assements using the Openvas tool.
After upgrading the OMSA on servers to 126.96.36.199, Openvas shows this for all 1311 tcp ports:
The following URLs seem to be vulnerable to BLIND SQL injection techniques : /HelpViewer?file=Redirect&app=oma+AND+1=1 An attacker may exploit this flaws to bypass authentication or to take the control of the remote database. Solution: Modify the relevant CGIs so that they properly escape arguments See also : http://www.securitydocs.com/library/2651
Any clues as to a fix ?
We thank you for your forum submission and I have forwarded your information on and when we have updated information, it will be posted here.
I'm a NVT Developer off the OpenVAS project and by chance I stumbled upon this article. I did a quick check of the wpoison nasl and can say that this is a false positive because of a bug in this NVT. This NVT is updated as soon as possible in the feed.
Sorry for the inconvenience.