vendor:
4images
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Scripting, Open-Redirection, SQL-Injection
79,601,89
CWE
Product Name: 4images
Affected Version From: 1.7.10
Affected Version To: 1.7.10
Patch Exists: YES
Related CWE: N/A
CPE: 4images
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
4images Multiple Input-Validation Vulnerabilities
4images is prone to multiple input-validation vulnerabilities including cross-site scripting, open-redirection, and SQL-injection. An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Mitigation:
Developers should ensure that user-supplied input is properly sanitized and validated before being used in the application. Additionally, developers should ensure that the application is not vulnerable to SQL injection attacks.
