Bitweaver Multiple Input Validation Vulnerabilities

vendor:

Bitweaver

by:

SecurityFocus

7.5

CVSS

HIGH

Multiple HTML-injection and SQL-injection issues

89, 94, 95, 99, 611

CWE

Product Name: Bitweaver

Affected Version From: 1.3.2001

Affected Version To: 1.3.2001

Patch Exists: YES

Related CWE: N/A

CPE: a:bitweaver:bitweaver

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Bitweaver Multiple Input Validation Vulnerabilities

Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple HTML-injection issues and multiple SQL-injection issues. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, applications should be designed to use the least-privileged user account possible.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20988/info

Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple HTML-injection issues and multiple SQL-injection issues. 

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Bitweaver 1.3.1 and prior versions are vulnerable to these issues.

http://www.example.com/newsletters/edition.php?tk=[SQL]&find=1&search=suchen