PKs Movie Database Cross-Site Scripting and SQL Injection Vulnerabilities

vendor:

PKs Movie Database

by:

SecurityFocus

7.5

CVSS

HIGH

Cross-Site Scripting and SQL Injection

89, 89, 89

CWE

Product Name: PKs Movie Database

Affected Version From: 3.0.3

Affected Version To: 3.0.3

Patch Exists: YES

Related CWE: N/A

CPE: PKs Movie Database

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PKs Movie Database Cross-Site Scripting and SQL Injection Vulnerabilities

PKs Movie Database is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands or queries. It is also important to keep applications updated with the latest security patches.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27713/info

PKs Movie Database is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect PKs Movie Database 3.0.3; other versions may also be affected. 

http://www.example.com/path/index.php?num=[SQL]
http://www.example.com/path/index.php?category=[XSS]
http://www.example.com/path/index.php?num=9999999999&category=[XSS]