vendor: Lisk CMS
by:
CVSS: 7.5 (HIGH)
SQL Injection, Cross-Site Scripting
CWE: 89, 79
Product Name: Lisk CMS
Affected Version From: 4.4
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Lisk CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Lisk CMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
Sanitize user-supplied input to prevent SQL injection and cross-site scripting attacks. Use parameterized queries or prepared statements to handle user input safely. Regularly update Lisk CMS to the latest version to patch any existing vulnerabilities; this record lists no patch for these issues (Patch Exists: NO).