Vendor: LMS Web Ensino
By: SecurityFocus
CVSS: 8.8 (HIGH)
Vulnerability classes: Cross-site Scripting, SQL Injection, Cross-site Request Forgery, Session Fixation
CWE: 79, 89, 352, 384
Product Name: LMS Web Ensino
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

LMS Web Ensino Multiple Vulnerabilities

LMS Web Ensino is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL injection, cross-site request forgery, and session fixation. Exploiting these issues could allow an attacker to execute arbitrary code, hijack a user's session, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Developers should ensure that user-supplied input is properly validated and sanitized before it is used in database queries or written back into pages, so that the application is not exposed to cross-site scripting or SQL injection. It is also recommended that developers use a secure session-management scheme.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46829/info

LMS Web Ensino is prone to the following input-validation vulnerabilities:

1. Multiple cross-site scripting vulnerabilities
2. An SQL-injection vulnerability
3. A cross-site request-forgery vulnerability
4. A session-fixation vulnerability

Exploiting these issues could allow an attacker to execute arbitrary code, hijack a user's session, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/lms/sistema/webensino/index.php?modo=resbusca_biblioteca&pChave=a%22%2F%3E+%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E&Submit=Buscar 

http://www.example.com/lms/sistema/webensino/index.php?modo=itensCategoriaBiblioteca&codBibliotecaCategoria=<SQLi>
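As an added example (not code from LMS Web Ensino or from the advisory), the following PHP shows how handlers for the two parameters probed by the URLs above would look with the mitigations described: the `codBibliotecaCategoria` id validated and bound in a prepared statement, `pChave` encoded on output, a CSRF token checked on state-changing forms, and the session id regenerated at login. `$pdo`, the table and column names, and the function names are assumptions made for illustration.

```php
<?php
// Added example, not the LMS Web Ensino code. $pdo, the table/column names
// and the function names are assumptions for illustration.
declare(strict_types=1);
session_start();

function csrfToken(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// CWE-352: every state-changing POST must carry the per-session token
function requireCsrf(): void {
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals(csrfToken(), $sent)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
}

// CWE-384: drop the pre-authentication session id so a fixed id is worthless
function onLoginSuccess(int $userId): void {
    session_regenerate_id(true);
    $_SESSION['user'] = $userId;
}

// CWE-89: codBibliotecaCategoria is a numeric id; reject anything else and bind it
function itensCategoria(PDO $pdo, string $raw): array {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { http_response_code(400); exit('bad category id'); }
    $stmt = $pdo->prepare('SELECT id, titulo FROM biblioteca_itens WHERE categoria_id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// CWE-79: pChave is free text; query it via a bound parameter and encode on output
function resBusca(PDO $pdo, string $pChave): string {
    $stmt = $pdo->prepare('SELECT titulo FROM biblioteca_itens WHERE titulo LIKE :q');
    $stmt->execute([':q' => '%' . $pChave . '%']);
    $safe = htmlspecialchars($pChave, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $out = "<p>Resultados para: $safe</p><ul>";
    foreach ($stmt as $row) {
        $out .= '<li>' . htmlspecialchars($row['titulo'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
    }
    return $out . '</ul>';
}
```

With these handlers, the `pChave` payload above is rendered as literal text rather than a script element, and a non-integer `codBibliotecaCategoria` value is rejected before any query is built.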