header-logo
Suggest Exploit
vendor:
Zoph
by:
SecurityFocus
4.3
CVSS
MEDIUM
Cross-site Scripting and SQL Injection
79, 89
CWE
Product Name: Zoph
Affected Version From: Zoph 0.7.2.1
Affected Version To: Other versions may also be affected
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Zoph Multiple Vulnerabilities

Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

The vendor disputes that Zoph is affected by these issues. Recent versions of Zoph are reported not vulnerable.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30116/info
 
Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Zoph 0.7.2.1 is vulnerable; other versions may also be affected.
 
UPDATE (July 2, 2009): The vendor disputes that Zoph is affected by these issues. Recent versions of Zoph are reported not vulnerable.

http://www.example.com/demo/search.php?_action=search&_off=[EvilScript]

Navigation

Suggest Exploit

Services By CQR