Summary #

Invicti identified that DbNinja is publicly accessible on the target server. DbNinja is an application written in the PHP language that provides a web-based interface for the administration of MySQL databases.

Impact #
An attacker can access, modify or delete all MySQL databases.
Remediation #
Configure your web server to prevent public access to the page by implementing access control mechanisms.
Classifications #
CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo