header-logo
Suggest Exploit
vendor:
w-Agora
by:
7.5
CVSS
HIGH
Input Validation
20
CWE
Product Name: w-Agora
Affected Version From: 4.2.2001
Affected Version To: 4.2.2001
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple input-validation vulnerabilities in w-Agora

w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues. These vulnerabilities are caused by a failure to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

It is recommended to sanitize and validate user-supplied data before using it in SQL queries or outputting it to web pages. Implementing proper input validation and output encoding techniques can help mitigate these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23057/info

w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

w-Agora 4.2.1 is vulnerable. 

http://www.example.com/w-agora/profile.php?site=hello&showuser='"><script>alert(document.cookie)</script>