header-logo
Suggest Exploit
vendor:
AWAuctionScript CMS
by:
SecurityFocus
7,5
CVSS
HIGH
SQL-Injection, File-Upload, HTML-Injection
89, 264, 79
CWE
Product Name: AWAuctionScript CMS
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:awauctionscript:awauctionscript_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

AWAuctionScript CMS Remote Vulnerabilities

AWAuctionScript CMS is prone to the following remote vulnerabilities because it fails to sufficiently sanitize user-supplied data: A remote SQL-injection vulnerability, a remote file-upload vulnerability, and an HTML-injection vulnerability. Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to prevent the exploitation of these vulnerabilities. Additionally, the application should be kept up-to-date with the latest security patches.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/56388/info

AWAuctionScript CMS is prone to the following remote vulnerabilities because it fails to sufficiently sanitize user-supplied data:

1. A remote SQL-injection vulnerability.
2. A remote file-upload vulnerability.
3. An HTML-injection vulnerability.

Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AWAuctionScript 1.0 is vulnerable; other version may also be affected. 

http://www.example.com/listing.php?category=Website&PageNo=-1'[SQL-Injection Vulnerability!]

Navigation

Suggest Exploit

Services By CQR