Vendor: CFMagic Products
CVSS: 7.5 (HIGH)
CWE: Input Validation
Product Name: CFMagic Products
Affected Versions: Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior
Patch Exists: NO

Multiple input validation vulnerabilities in CFMagic Products

The vulnerabilities in CFMagic Products allow an attacker to inject malicious SQL code into database queries and conduct cross-site scripting attacks.

Mitigation:

Properly sanitize user-supplied input to prevent SQL injection and cross-site scripting attacks.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15774/info
  
CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
  
These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and conduct cross-site scripting attacks.
  
Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior are vulnerable.
  
Other versions of these applications may also be affected. 

http://www.example.com/view_thread.cfm?ForumID=1[SQL]

http://www.example.com/view_thread.cfm?ForumID=1&ThreadID=1&Thread=1[SQL]

http://www.example.com/view_thread.cfm?ForumID=1&ThreadID=1[SQL]
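
An added example, not part of the original advisory or of CFMagic's code: a log check for the three view_thread.cfm parameters listed above that flags any ForumID, ThreadID or Thread value that is not a plain integer. It assumes these parameters are numeric IDs (the advisory only shows the value 1) and a combined-format access log; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory marks as injection points on view_thread.cfm.
ID_PARAMS = {"forumid", "threadid", "thread"}
# Assumption: each parameter is a short non-negative integer ID.
INT_RE = re.compile(r"[0-9]{1,10}")
# Request target from a combined-format access log line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def bad_params(target):
    """Return (name, decoded value) pairs that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/view_thread.cfm"):
        return []
    # parse_qsl percent-decodes values and yields every occurrence of a
    # repeated parameter; keep_blank_values reports empty IDs as well.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(n, v) for n, v in pairs
            if n.lower() in ID_PARAMS and not INT_RE.fullmatch(v)]

def scan_log(lines):
    """Return (line number, findings) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        found = bad_params(m.group(1)) if m else []
        if found:
            hits.append((lineno, found))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /view_thread.cfm?ForumID=1&ThreadID=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /view_thread.cfm?ForumID=1%27 HTTP/1.1" 500 312',
    '192.0.2.11 - - [01/Jan/2006:10:00:09 +0000] "GET /view_thread.cfm?ForumID=1&ThreadID=1&Thread=1+OR+1%3D1 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Jan/2006:10:00:12 +0000] "GET /index.cfm?ForumID=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2006:10:00:20 +0000] "GET /forum/VIEW_THREAD.CFM?forumid=2&forumid= HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for lineno, found in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {found}")
```

Under the same assumption, the digits-only rule is also the server-side validation to apply before these values reach a database query, alongside parameterized queries.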