vendor:
WeBid
by:
Unknown
7.5
CVSS
HIGH
Input-Validation
20
CWE
Product Name: WeBid
Affected Version From: 0.85P1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
WeBid Multiple Input-Validation Vulnerabilities
WeBid is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability and a cross-site-scripting vulnerability. Exploiting these issues can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Mitigation:
It is recommended to sanitize and validate user-supplied input to prevent these vulnerabilities. The application should also implement proper security measures to protect against cross-site scripting attacks.
