Vendor: BackOfficePlus, BackOfficeLite
By: Simo aka _6mO_HaCk
CVSS: 7.5 (HIGH)
CWE: Input Validation and Information Disclosure
Product Name: BackOfficePlus, BackOfficeLite
Affected Version From: All versions
Affected Version To: Latest version not vulnerable
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2005
Comersus BackOfficePlus and BackOfficeLite Multiple Vulnerabilities
The applications are prone to SQL injection attacks, information disclosure, and multiple cross-site scripting attacks. An attacker can exploit these vulnerabilities to retrieve sensitive and privileged information, gain access to the application as an administrative user, and perform cross-site scripting attacks to retrieve cookie-based authentication credentials from victim users.
Mitigation:
Upgrade to the latest version of the software.