vendor:
MKPortal
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-site scripting and SQL-injection
79, 89
CWE
Product Name: MKPortal
Affected Version From: MKPortal version 1.1 in conjunction with vBulletin 3.5.4
Affected Version To: Other versions may also be affected.
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
MKPortal Multiple Input-Validation Vulnerabilities
MKPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successfully exploiting these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Mitigation:
Input validation should be used to ensure that untrusted data is not allowed to affect the application's control flow or the data that it manipulates. Additionally, applications should use a secure authentication mechanism to ensure that only authorized users can access sensitive data.
