Vendor: Ezboxx Portal System
By:
CVSS: 7.5 (HIGH)
CWE: 20 (Input Validation)
Product Name: Ezboxx Portal System
Affected Version From: Ezboxx Portal System Beta v 0.7.6
Affected Version To: Ezboxx Portal System Beta v 0.7.6
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Ezboxx Multiple Input Validation Vulnerabilities
Ezboxx is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The vulnerabilities include an SQL-injection issue, multiple cross-site scripting issues, and a path-disclosure issue. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Mitigation:
Implement proper input validation and sanitization techniques to prevent SQL-injection, cross-site scripting, and path-disclosure vulnerabilities.