Vendor: Audiens
By: Unknown
CVSS: 7.5 (HIGH)
Vulnerability class: Input-Validation
CWE: 79 (Cross-site Scripting), 89 (SQL Injection)
Product Name: Audiens
Affected Version From: 3.3
Affected Version To: Unknown
Patch Exists: No
Related CWE: Unknown
CPE: a:audins:audiens:3.3
Platforms Tested: Unknown

Audins Audiens Multiple Input-Validation Vulnerabilities

Audins Audiens is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Implement proper input validation and sanitization techniques to prevent SQL-injection and cross-site scripting attacks. Regularly update the software to ensure the latest security patches are applied.

Exploit-DB raw data:

Audins Audiens version 3.3 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/system/index.php with PHPSESSID = '
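
As an added illustration (not code from Audiens or from the original advisory), the sketch below contrasts a string-concatenated session lookup with an allow-listed, parameterized one, using the single-quote PHPSESSID value from the request above, and adds output encoding for the cross-site scripting side. It is written in Python with sqlite3 rather than the application's PHP; the `sessions` table, the function names and the session ID format check are assumptions, since the page does not show how Audiens uses the cookie.

```python
import html
import re
import sqlite3

# Assumed policy: accept only IDs shaped like PHP-generated session IDs.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9,-]{22,256}")

def make_db():
    """Constructed sample data: one session row in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO sessions VALUES (?, ?)",
               ("c0nstructedsessionid0123456789", "alice"))
    return db

def lookup_unsafe(db, sid):
    """Weak form: the cookie value is concatenated into the SQL text."""
    query = "SELECT username FROM sessions WHERE sid = '" + sid + "'"
    row = db.execute(query).fetchone()
    return row[0] if row else None

def lookup_safe(db, sid):
    """Hardened form: allow-list the format, then bind the value."""
    if not SESSION_ID_RE.fullmatch(sid):
        return None  # reject before the value reaches the database
    row = db.execute("SELECT username FROM sessions WHERE sid = ?",
                     (sid,)).fetchone()
    return row[0] if row else None

def render_greeting(username):
    """Encode on output so stored or reflected markup is shown as text."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    try:
        lookup_unsafe(db, "'")
    except sqlite3.OperationalError as exc:
        print("unsafe lookup broke the query:", exc)
    print("safe lookup with quote:", lookup_safe(db, "'"))
    print("safe lookup with valid ID:",
          lookup_safe(db, "c0nstructedsessionid0123456789"))
    print(render_greeting("<b>alice</b>"))
```

A database error raised by a lone quote in a cookie, as in the unsafe path here, is also a useful signal to alert on in application logs.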