vendor:
AzDGDatingPlatinum
by:
SecurityFocus
7.5
CVSS
HIGH
SQL-injection and Cross-site Scripting
89, 79
CWE
Product Name: AzDGDatingPlatinum
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: YES
Related CWE: N/A
CPE: a:azdg:azdg_dating_platinum:1.1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
AzDGDatingPlatinum Multiple Vulnerabilities
AzDGDatingPlatinum is reported prone to multiple vulnerabilities, including multiple SQL-injection vulnerabilities which could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Additionally, a cross-site scripting issue is present, which could allow an attacker to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, applications should be configured to use the least-privileged user account possible.
