Easypx41 Multiple Variable Injection Vulnerabilities

vendor:

Easypx41

by:

SecurityFocus

7.5

CVSS

HIGH

Variable Injection

CWE

Product Name: Easypx41

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Easypx41 Multiple Variable Injection Vulnerabilities

An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14421/info

Easypx41 is prone to multiple variable injection vulnerabilities.

An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.

http://www.example.com/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20d?monstration.&msg=1103495330.dat&pgfull[variable-injection]
http://www.example.com/index.php?pg=http://google.fr&pgtype=iframe&amp;amp;L=500&H=500
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull