Vendor: Enthrallweb
Product: eHomes
By: ajann
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL injection / XSS
CWE: CWE-89, CWE-79
Product Name: eHomes
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: CWE-89 (SQL Injection), CWE-79 (Cross-site Scripting)
CPE: a:enthrallweb:ehomes:1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2006
Enthrallweb eHomes 1.0 Multiple (SQL/XSS) Vulnerabilities
The vulnerabilities exist because user-supplied input passed in the 'city' and 'aminprice' parameters of the 'result.asp' script is not properly sanitized before it is used in SQL queries and reflected back in the response. This can be exploited to inject arbitrary SQL code into the application's database queries (SQL injection) and to execute arbitrary HTML and script code in a user's browser session in the context of the affected site (cross-site scripting).
Mitigation:
No vendor patch is known. Validate all user-supplied input against the type and format the application expects (for example, 'aminprice' should only ever be a number). Pass request parameters to the database as bound parameters of a parameterized query rather than concatenating them into the SQL string, which is what makes injection possible in the first place. Before reflecting any parameter into a page, HTML-encode it (or strip HTML and script markup from it) so that it is rendered as text rather than interpreted by the browser.
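The following is an added example, not code from eHomes or from the advisory author: it models the flaw class described above in Python with an in-memory SQLite table, because the original 'result.asp' source is not on this page. The table schema, the sample rows, the function names and the injection strings are all constructed for illustration; the real eHomes query is unknown. The vulnerable functions concatenate 'city' and 'aminprice' straight into SQL and HTML, while the fixed versions use a parameterized query, an integer check on 'aminprice', and HTML encoding of the reflected value.

```python
import html
import sqlite3


def make_db():
    """Constructed stand-in for the listings table result.asp would query.
    The real eHomes schema is an assumption here, not taken from the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE homes (id INTEGER, city TEXT, price INTEGER)")
    conn.executemany(
        "INSERT INTO homes VALUES (?, ?, ?)",
        [(1, "Austin", 250000), (2, "Austin", 410000), (3, "Denver", 320000)],
    )
    return conn


def search_vulnerable(conn, city, aminprice):
    """Mirrors the advisory's flaw: request parameters are concatenated into
    the SQL text, so quotes in 'city' or operators in 'aminprice' become SQL."""
    sql = (
        "SELECT id, city, price FROM homes WHERE city = '" + city
        + "' AND price >= " + aminprice
    )
    return conn.execute(sql).fetchall()


def search_fixed(conn, city, aminprice):
    """Hardened form: the parameters travel to the engine as bound values and
    'aminprice' must parse as an integer, so neither can alter the query."""
    try:
        min_price = int(aminprice)
    except ValueError:
        raise ValueError("aminprice must be an integer")
    sql = "SELECT id, city, price FROM homes WHERE city = ? AND price >= ?"
    return conn.execute(sql, (city, min_price)).fetchall()


def render_vulnerable(city):
    """Reflects the parameter into the page unencoded (the XSS half)."""
    return "<p>Results for " + city + "</p>"


def render_fixed(city):
    """Encodes the parameter so markup in it is displayed, not interpreted."""
    return "<p>Results for " + html.escape(city, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    # Constructed injection strings: the first breaks out of the quoted
    # 'city' literal, the second abuses the unquoted numeric 'aminprice'.
    print(search_vulnerable(conn, "Austin' OR '1'='1", "0"))      # all rows
    print(search_vulnerable(conn, "Austin", "0 OR 1=1"))           # all rows
    print(search_fixed(conn, "Austin' OR '1'='1", "0"))            # no rows
    print(search_fixed(conn, "Austin", "300000"))                  # one row
    print(render_vulnerable("<script>alert(1)</script>"))
    print(render_fixed("<script>alert(1)</script>"))
```

The parameterized query is the actual fix for CWE-89; the integer check on 'aminprice' is defence in depth, since a numeric comparison column should never receive anything else. For CWE-79 the safe operation is encoding at output time (`html.escape` here, `Server.HTMLEncode` in classic ASP), which preserves what the user typed while preventing it from being parsed as markup.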