header-logo
Suggest Exploit
vendor:
CBMS
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting (XSS) and SQL Injection
79, 89
CWE
Product Name: CBMS
Affected Version From: 0.7
Affected Version To: 0.7
Patch Exists: Unknown
Related CWE: N/A
CPE: a:cbms:cbms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple Vulnerabilities in CBMS

It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.

Mitigation:

Input validation and proper sanitization of user-supplied data.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4957/info

It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.

These issues have been reported in version 0.7 of CBMS. Other versions may share these vulnerabilities, this has not however been confirmed.

dltclnt.php?choice=yes&idnum=clientid

Navigation

Suggest Exploit

Services By CQR