  • #725499

    Getting this error. Realized it is part of the theme. Is there any way to fix it?

    Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.

    Description: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, SiteLock was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.

    An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.

    Note that this script is experimental and may be prone to false positives.

    Solution: Modify the affected CGI scripts so that they properly escape arguments.

    Technical Details:

    Using the GET HTTP method, SiteLock found that :

    + The following resources may be vulnerable to blind SQL injection (time based) :

    + The 'avia_avia_username_1' parameter of the /welcome/ CGI :

    /welcome/?avia_0_1=&avia_1_1=&avia_2_1=&avia_generated_form1=1&avia_avia_username_1=');WAITFOR%20DELAY%20'00:00:21';--

    -------- output --------
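As an added example (not code from this thread or from the Enfold theme), here is a Python triage script that scans access log lines for the time-based blind SQL injection probe the finding above describes (the MSSQL WAITFOR DELAY payload, plus the equivalent MySQL/PostgreSQL delay functions), so a site owner can see whether such requests came only from the scanner. The Apache-style log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Signatures of time-based blind SQL injection probes, matched against the
# fully URL-decoded parameter value.
TIME_BASED_PATTERNS = [
    re.compile(r"waitfor\s+delay\s+'", re.I),  # MSSQL, as in the finding above
    re.compile(r"\bsleep\s*\(\s*\d+", re.I),    # MySQL
    re.compile(r"\bpg_sleep\s*\(", re.I),        # PostgreSQL
    re.compile(r"\bbenchmark\s*\(", re.I),       # MySQL CPU-based delay
]

# Assumed Apache/nginx "combined"-style request line (constructed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def find_time_based_probes(log_lines):
    """Return one finding per query parameter whose value carries a delay probe."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        path, _, query = m.group("target").partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = unquote_plus(value)  # second pass catches double-encoding
            for pat in TIME_BASED_PATTERNS:
                if pat.search(decoded):
                    findings.append({"ip": m.group("ip"), "path": path, "param": name,
                                     "pattern": pat.pattern, "status": int(m.group("status"))})
                    break
    return findings

def probes_by_source(findings):
    """Count probes per source IP: one scanner IP hitting many parameters is expected."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts

# Constructed sample log lines: the scanner request quoted in the finding, a normal
# form submission, and a MySQL-style probe against another avia_ parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2016:14:02:11 +0000] "GET /welcome/?avia_0_1=&avia_1_1=&avia_2_1='
    '&avia_generated_form1=1&avia_avia_username_1=%27%29%3BWAITFOR%20DELAY%20%2700%3A00%3A21%27%3B-- HTTP/1.1" 200 18342',
    '198.51.100.7 - - [10/Mar/2016:14:03:40 +0000] "GET /welcome/?avia_0_1=Jane&avia_avia_username_1=jane HTTP/1.1" 200 18201',
    '203.0.113.5 - - [10/Mar/2016:14:05:02 +0000] "GET /welcome/?avia_0_1=1%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 18342',
]
```

Because the finding notes the check is experimental and prone to false positives, the useful follow-up is comparing the flagged requests' response times against normal ones for the same path rather than trusting the hit alone.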

    #726839

    Hey Jamesdonley,

    Thank you for contacting us!

    We have informed our devs.
    Which version of the theme are you using? If it is not the latest 3.8.4, please update the theme – kriesi.at/documentation/enfold/updating-your-theme-files/

    Best regards,
    Yigit
