Input validation vulnerabilities in CFMagic Products

vendor:

CFMagic Products

by:

Unknown

5.5

CVSS

MEDIUM

Input validation

CWE

Product Name: CFMagic Products

Affected Version From: Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: a:cfmagic:magic_book_professional:2.0 cpe:/a:cfmagic:magic_list_professional:2.5 cpe:/a:cfmagic:magic_forum_personal:2.5

Metasploit:

Other Scripts:

Platforms Tested:

2005

Input validation vulnerabilities in CFMagic Products

The CFMagic Products are prone to multiple input validation vulnerabilities. These vulnerabilities allow an attacker to inject malicious SQL code into database queries and conduct cross-site scripting attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques.

Source

Input validation vulnerabilities in CFMagic Products

Mitigation:

Exploit-DB raw data: