I have HackerProof for PCI scanning. It says the site is not compliant.
Security Hole found on port/service "http (80/tcp)"
Solution Modify the relevant CGIs so that they properly escape arguments
Risk factor High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Plugin : "Comodo SQL injections"
Category : "CGI abuses"
Priority : "Medium Priority"
Description The following CGI script seem to be vulnerable to various SQL injection techniques : /c-57-under-cabinet-lighting.aspx
Unsafe arguments : pagenum
Unsafe URLs : /c-57-under-cabinet-lighting.aspx?pagenum=QUOTETEST%271%221%60 (Internal Server Error)
An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.
Security Hole