Vendor: Paypal Subscription Manager
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Input-Validation
Product Name: Paypal Subscription Manager
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Easebay Resources Paypal Subscription Manager Multiple Input-Validation Vulnerabilities

The application is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue. Exploiting these vulnerabilities could lead to various consequences such as stealing authentication credentials, compromising the application, retrieving sensitive information, accessing or modifying data, or exploiting latent vulnerabilities in the underlying database implementation.

Mitigation:

Implement proper input validation and sanitization techniques to prevent SQL-injection and cross-site scripting vulnerabilities. Regularly update and patch the application to address any security issues.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22141/info

Easebay Resources Paypal Subscription Manager is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The vulnerabilities include an SQL-injection issue and a cross-site scripting issue.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Example URIs have been provided:

http://www.example.com/psm/admin/memberlist.php?keyword=[SQl]&p=a&by=1&sbmt1=++Search++&init_row=0&sort=create_time&sq=desc&status=1

http://www.example.com/psm/admin/edit_member.php?username=Admin=[XSS]
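
The mitigation above, applied to the parameters visible in the two URIs, as an added example that is not the product's code: the search keyword is bound as a parameter, the sort column and direction come from allowlists because identifiers cannot be bound, and the username is encoded on output. The `members` table, its columns, the function names `search_members` and `h`, and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: the members table and its columns are assumptions, not the product's schema.

/** Search members using the keyword/sort/sq/status parameters seen in the memberlist.php URI. */
function search_members(PDO $pdo, array $q): array
{
    // Column names and sort direction cannot be bound, so take them from allowlists.
    $sort  = in_array($q['sort'] ?? '', ['create_time', 'username'], true) ? $q['sort'] : 'create_time';
    $order = ($q['sq'] ?? '') === 'asc' ? 'ASC' : 'DESC';

    // Neutralise LIKE wildcards, then bind the keyword so it never becomes SQL text.
    $kw = is_string($q['keyword'] ?? null) ? $q['keyword'] : '';
    $kw = strtr($kw, ['!' => '!!', '%' => '!%', '_' => '!_']);

    $stmt = $pdo->prepare(
        "SELECT username, create_time FROM members
          WHERE username LIKE :kw ESCAPE '!' AND status = :status
          ORDER BY $sort $order"
    );
    $stmt->bindValue(':kw', "%$kw%", PDO::PARAM_STR);
    $stmt->bindValue(':status', (int)($q['status'] ?? 1), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encode a value for HTML text or a quoted attribute, e.g. the username echoed by edit_member.php. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT, create_time INTEGER, status INTEGER)');
$pdo->exec("INSERT INTO members VALUES ('Admin', 100, 1), ('alice', 200, 1), ('bob', 300, 0)");

// Constructed request values containing a quote, a wildcard and markup; all are handled as data.
$rows = search_members($pdo, ['keyword' => "O'Brien%", 'sort' => 'no_such_column', 'sq' => 'desc', 'status' => '1']);
printf("%d rows for the quoted keyword\n", count($rows));
$rows = search_members($pdo, ['keyword' => 'a', 'sort' => 'username', 'sq' => 'asc', 'status' => '1']);
printf("%s\n", implode(', ', array_column($rows, 'username')));
printf("%s\n", h('Admin"><b>x</b>'));
```

`h()` covers HTML text and quoted-attribute contexts only; values placed inside JavaScript, URLs or CSS need the encoder for that context.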