Vendor: Immophp
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 79, 89 (Cross-Site Scripting, SQL Injection)
Product Name: Immophp
Affected Version From: 1.1.2001
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:immophp:immophp:1.1.1
Platforms Tested: Unknown
Unknown
Cross-Site Scripting and SQL Injection vulnerabilities in Immophp
The Immophp application is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities due to inadequate sanitization of user-supplied input. Exploiting these issues could lead to the theft of authentication credentials, compromise of the application, unauthorized access or modification of data, or exploitation of latent vulnerabilities in the underlying database.
Mitigation:
To mitigate these vulnerabilities, implement proper validation and sanitization of user-supplied input. Using prepared statements or parameterized queries can help prevent SQL injection attacks. Regular security testing and updates should also be performed.