Multiple input-validation vulnerabilities in Bitweaver

vendor:

Bitweaver

by:

Unknown

N/A

CVSS

N/A

Cross-Site Scripting (XSS), HTML-injection, SQL-injection

Unknown

CWE

Product Name: Bitweaver

Affected Version From: 2.0.0

Affected Version To: 2.0.0

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Multiple input-validation vulnerabilities in Bitweaver

Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26801/info

Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.

Bitweaver 2.0.0 and prior versions are vulnerable to these issues.


http://www.example.com/users/register.php/XSS