Vendor: Knowledge Manager
CVSS: 7.5 (HIGH)
Vulnerability Types: SQL Injection, Cross-Site Scripting (XSS), Information Disclosure
CWE: 89, 79, 209
Product Name: Knowledge Manager
Affected Version From: 5.1.2003
Affected Version To: 5.1.2003
Patch Exists: NO
Related CWE:
CPE: a:interspire:knowledge_manager:5.1.3
Metasploit:
Other Scripts:
Platforms Tested:

Interspire Knowledge Manager Multiple Vulnerabilities

Interspire Knowledge Manager is prone to multiple vulnerabilities, including SQL injection, cross-site scripting (XSS), and information disclosure. Exploiting these vulnerabilities could allow an attacker to obtain sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Apply security patches or updates provided by the vendor. Avoid using user-supplied input directly in SQL statements. Implement input validation and sanitize user-supplied data to prevent SQL injection and XSS attacks. Disable error messages that disclose sensitive information.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38090/info

Interspire Knowledge Manager is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability.

Exploiting these issues could allow an attacker to obtain sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Interspire Knowledge Manager 5.1.3 and prior versions are vulnerable.

http://www.example.com/admin/de/colormenu.php?sp=f";[xss];a="
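
The mitigation above calls for sanitizing user-supplied data. The following added example (not Interspire's code and not part of the original advisory) shows context-aware output encoding for the `sp` parameter from the proof-of-concept URL, assuming the value is reflected into a double-quoted JavaScript string. The function names and the surrounding markup are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a page that reflects ?sp= into an inline script.
// Assumption: the value lands inside a double-quoted JavaScript string.

// Weak form: raw concatenation. A '"' in the value ends the string early,
// and whatever follows is parsed as script.
function render_weak(string $sp): string
{
    return '<script>var sp = "' . $sp . '";</script>';
}

// Hardened form: json_encode() emits a complete, quoted JS string literal.
// The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
// value can close neither the string nor the enclosing <script> element.
// JSON_THROW_ON_ERROR (PHP 7.3+) makes invalid UTF-8 raise JsonException
// instead of returning false and silently producing broken markup.
function render_hardened(string $sp): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return '<script>var sp = ' . json_encode($sp, $flags) . ';</script>';
}

// Payload shape taken from the proof-of-concept URL on this page
// ("[xss]" is the advisory's own placeholder, kept as-is).
$sp = 'f";[xss];a="';

try {
    echo "weak:     ", render_weak($sp), PHP_EOL;
    echo "hardened: ", render_hardened($sp), PHP_EOL;
} catch (JsonException $e) {
    // Reject the request rather than emit a partially encoded value.
    http_response_code(400);
    echo "invalid input", PHP_EOL;
}
```

In the hardened output the two double quotes from the input appear as `\u0022` inside a single string literal. The encoder has to match the output context: `htmlspecialchars()` is the counterpart for HTML body and attribute contexts.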