vendor: Bitweaver
by: Unknown
N/A
CVSS
N/A
SQL Injection, Cross-Site Scripting
Unknown
CWE
Product Name: Bitweaver
Affected Version From: 1.3.1 and prior
Affected Version To: Unknown
Patch Exists: NO
Platforms Tested: Unknown
Unknown

Bitweaver SQL Injection and Cross-Site Scripting Vulnerabilities

Bitweaver fails to sanitize user-supplied data, leading to SQL injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities can result in the theft of authentication credentials, compromise of the application, unauthorized access or modification of data, and exploitation of latent vulnerabilities in the database implementation.

Mitigation:

Implement proper input validation and sanitization techniques to prevent SQL injection and cross-site scripting vulnerabilities. Upgrade to a non-vulnerable version of Bitweaver if available.
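
One way to apply this to the `sort_mode` parameter of `list_blogs.php` that appears in this page's sample request, as an added example (not Bitweaver's own code). It assumes `sort_mode` selects a sort order for the blog listing, which cannot be bound as a query parameter and so has to be mapped through an allowlist; the `<column>_<asc|desc>` format, the column names and the `blogs` table are hypothetical.

```php
<?php
// Added example, not Bitweaver code. The column map, the table name and the
// "<column>_<asc|desc>" format of sort_mode are assumptions for illustration.

const SORT_COLUMNS = [
    'title'         => 'b.title',
    'created'       => 'b.created',
    'last_modified' => 'b.last_modified',
];

/**
 * Translate an untrusted sort_mode value into an ORDER BY fragment.
 * Anything that is not an exact allowlisted value yields the default.
 */
function orderByFromSortMode($sortMode, string $default = 'b.created DESC'): string
{
    // ?sort_mode[]=x arrives as an array; reject every non-string.
    if (!is_string($sortMode)) {
        return $default;
    }
    // Fully anchored; \z instead of $ so a trailing newline does not match.
    if (!preg_match('/\A([a-z_]{1,32})_(asc|desc)\z/', $sortMode, $m)) {
        return $default;
    }
    [, $key, $dir] = $m;
    if (!array_key_exists($key, SORT_COLUMNS)) {
        return $default;
    }
    // Only strings from the map and the literals ASC/DESC reach the SQL text.
    return SORT_COLUMNS[$key] . ' ' . strtoupper($dir);
}

// Constructed sample inputs, including the value from this page's request.
$samples = ['title_asc', 'last_modified_desc', '-98', 'created_desc; --', ['x']];
foreach ($samples as $input) {
    // Values such as the row limit still go through bound parameters (?).
    $sql = 'SELECT b.blog_id, b.title FROM blogs b ORDER BY '
         . orderByFromSortMode($input) . ' LIMIT ?';
    echo json_encode($input), ' => ', $sql, PHP_EOL;
}
```

If the page echoes the current sort order back into links or form fields, emit the validated value passed through `htmlspecialchars()` rather than the raw request parameter.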
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20996/info

Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Bitweaver 1.3.1 and prior versions are vulnerable; other versions may also be affected. 

Since this issue is a duplicate of the issue described in BID 20988 (Bitweaver Multiple Input Validation Vulnerabilities), this BID is being retired.

http://www.example.com/bitweaver/blogs/list_blogs.php?sort_mode=-98