vendor:
Content2Web
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection, XSS, File Inclusion
89, 79, 94
CWE
Product Name: Content2Web
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
Content2Web Multiple Input Validation Vulnerabilities
Content2Web is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this lack of sanitization to perform SQL injection attacks, cross-site scripting attacks and include local PHP files. It may also be possible to include remote PHP files as well; this has not been confirmed. The consequences of these attacks vary from a compromise of the system, the execution of arbitrary code and the theft of cookie-based authentication credentials, all in the context of the Web server process.
Mitigation:
Input validation should be performed to detect and reject malicious input. All input should be validated on the server side before being used in SQL queries, HTML output, or other operations.
