BigDump Cross-Site Scripting, SQL-Injection, and Arbitrary File Upload Vulnerabilities

vendor:

BigDump

by:

SecurityFocus

7,5

CVSS

HIGH

Cross-Site Scripting, SQL-Injection, and Arbitrary File Upload

79, 89, 264

CWE

Product Name: BigDump

Affected Version From: BigDump 0.29b

Affected Version To: BigDump 0.32b

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

BigDump Cross-Site Scripting, SQL-Injection, and Arbitrary File Upload Vulnerabilities

BigDump is prone to a cross-site scripting vulnerability, an SQL-injection vulnerability, and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, upload arbitrary files, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to manipulate the application's behavior. Additionally, the application should be configured to use the least-privileged user account possible.

Source

BigDump Cross-Site Scripting, SQL-Injection, and Arbitrary File Upload Vulnerabilities

Mitigation:

Exploit-DB raw data: