Vendor: Community Enterprise
By:
CVSS: 7.5 (HIGH)
CWE: 20 (Input Validation)
Product Name: Community Enterprise
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple Input Validation Vulnerabilities in Community Enterprise

These vulnerabilities are a result of improper input sanitization in Community Enterprise. Successful exploitation could lead to application compromise, data disclosure or modification, theft of authentication credentials, and exploitation of underlying database vulnerabilities.

Mitigation:

Implement proper input validation and sanitization techniques in the application to prevent these vulnerabilities. Regularly update the application to include security patches.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15963/info

Community Enterprise is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, and the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.

http://www.example.com/index.cfm?fuseaction=page.viewPage&pageID=1&nodeID=1[SQL]
http://www.example.com/index.cfm?fuseaction=page.viewPage&pageID=1[SQL]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=&presentationSite=&parentid=16&ID=1[SQL]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=&presentationSite=&parentid=[SQL]
http://www.example.com/document/docWindow.cfm?fuseaction=document.viewDocument&documentid=1&documentFormatId=[SQL]


http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=&presentationSite=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=[XSS]
http://www.example.com/index.cfm?fuseaction=Document.showDocumentSection&sortby=[XSS]
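
The input validation called for under Mitigation, applied to the parameters marked [SQL] and [XSS] in the URLs above. This is an added example, not code from the advisory or from Community Enterprise; the integer typing, the `sortby` allowlist, the length cap and the function names are assumptions.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory marks [SQL]. Treating them as integers is an
# assumption drawn from the sample values (1, 16) in the listed URLs.
SQL_INT_PARAMS = {"pageid", "nodeid", "id", "parentid", "documentformatid"}
# Parameters the advisory marks [XSS], treated here as free text.
XSS_TEXT_PARAMS = {"presentationsite", "docpublishyear", "docdescription",
                   "publishstate", "docauthor", "doctitle", "subtopic",
                   "topic", "topicradio", "topiconly"}
# Assumed allowlist: PublishDate is the only sortby value the page shows.
SORTBY_ALLOWED = {"publishdate"}
INT_RE = re.compile(r"[0-9]{1,9}")
MAX_TEXT = 200  # assumed length cap for free-text fields

def check_request(url):
    """Return [(param, reason)] for query values that fail validation."""
    problems = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        key = name.lower()  # CFML URL variables are case-insensitive
        if key in SQL_INT_PARAMS or key == "startrow":
            # Blank values are left to the application's defaults (assumption).
            if value and not INT_RE.fullmatch(value):
                problems.append((name, "not an integer"))
        elif key == "sortby":
            if value.lower() not in SORTBY_ALLOWED:
                problems.append((name, "not an allowed sort column"))
        elif key in XSS_TEXT_PARAMS:
            if len(value) > MAX_TEXT or "<" in value or ">" in value:
                problems.append((name, "markup or over-long text"))
    return problems

def render_value(value):
    """Encode a reflected value for HTML body or quoted-attribute output."""
    return escape(value, quote=True)

if __name__ == "__main__":
    # Constructed sample requests (not taken from any real log).
    base = "http://www.example.com/index.cfm?fuseaction="
    for url in (base + "page.viewPage&pageID=1&nodeID=1",
                base + "page.viewPage&pageID=1&nodeID=1%27",
                base + "Document.showDocumentSection&sortby=PublishDate"
                       "&startrow=8&topicOnly=%3Cb%3E"):
        print(url, "->", check_request(url))
```

Validation of this kind narrows what reaches the application. The SQL issues themselves are closed by bound query parameters (in CFML, `cfqueryparam`) and the XSS issues by encoding every reflected value on output.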