We use the SiteLock security scan and we have these 2 alerts about e-newsletter. Can you tell me if everything is safe?
Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.
Description: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, SiteLock App Scan was able to get a
slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying
An attacker may be able to exploit this issue to bypass
authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
Solution: Modify the affected CGI scripts so that they properly escape
Technical Details: Using the POST HTTP method, SiteLock App Scan found that :
+ The following resources may be vulnerable to blind SQL injection (time based) :
+ The 'newsletter_action' parameter of the /formation-videos/changement-de-themes/ CGI :
/formation-videos/changement-de-themes/
ELECT%20pg_sleep(3);--]-------- output --------------------------------
Synopsis: It may be possible to run arbitrary code on the remote web server.
Description: The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be
able to execute arbitrary commands on the remote host.
Note that this script uses a time-based detection method which is less reliable than the basic method
Solution: Restrict access to the vulnerable application. Contact the
vendor for a patch or upgrade.
Technical Details: Using the GET HTTP method, SiteLock App Scan found that :
+ The following resources may be vulnerable to arbitrary command execution (time based) :
+ The 'share' parameter of the /formation-videos/reglage-des-parametres/ CGI
tion=&unsubscribe_code=&share=facebook%7C%7C%20ping%20-n%203%20127.0.0.1%20%26-------- output --------------------------------