header-logo
Suggest Exploit
vendor:
Magic Book Professional, Magic List Professional, Magic Forum Personal
by:
Not specified
5.5
CVSS
MEDIUM
Input Validation
89
CWE
Product Name: Magic Book Professional, Magic List Professional, Magic Forum Personal
Affected Version From: Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior
Affected Version To: Not specified
Patch Exists: NO
Related CWE: CVE-2005-4204
CPE: a:cfmagic:magic_book_professional:2.0cpe:/a:cfmagic:magic_list_professional:2.5cpe:/a:cfmagic:magic_forum_personal:2.5
Metasploit:
Other Scripts:
Platforms Tested: Not specified
2005

CFMagic Products Multiple Input Validation Vulnerabilities

The CFMagic Products are prone to multiple input validation vulnerabilities. These vulnerabilities allow an attacker to inject malicious SQL code into database queries and conduct cross-site scripting attacks. An attacker can exploit these vulnerabilities by sending specially crafted input to the affected application.

Mitigation:

The vendor has not provided a specific mitigation or remediation for these vulnerabilities. It is recommended to update to the latest version of the CFMagic Products to address these issues.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15774/info

CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and conduct cross-site scripting attacks.

Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior are vulnerable.

Other versions of these applications may also be affected. 

http://www.example.com/view_archive.cfm?ListID=[SQL]

Navigation

Suggest Exploit

Services By CQR