Vendor: Crime24 Stealer Panel
By: Daisuke Dan
CVSS: 5.5 (MEDIUM)
Cross-site scripting (XSS) and SQL Injection
CWE: 79
Product Name: Crime24 Stealer Panel
Affected Version From: v.1
Affected Version To: v.1
Patch Exists: NO
Related CWE:
CPE: crime24
Platforms Tested: Windows Seven
2014
Crime24 Stealer Panel <= Multiple Vulnerabilities
An attacker can trigger cross-site scripting (XSS) and inject SQL commands through the search form. Exploitation requires the attacker to be logged in to the admin panel.
Mitigation:
Implement proper input validation and sanitization to prevent XSS and SQL injection attacks. Also, ensure that user authentication and authorization mechanisms are in place.