Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Multiple vulnerabilities in Sambar Server - exploit.company
header-logo
Suggest Exploit
vendor:
Sambar Server
by:
Unknown
7.5
CVSS
HIGH
Directory Traversal, Cross-Site Scripting (XSS)
22
CWE
Product Name: Sambar Server
Affected Version From: Sambar 6.1 Beta 2
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not specified
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple vulnerabilities in Sambar Server

The vulnerabilities in Sambar Server allow an attacker to access sensitive files, carry out directory traversal attacks, and execute cross-site scripting attacks. These issues can be exploited by an attacker with administrative privileges, and it is reported that the server does not have an administrative password set by default. Even administrators without intended privileges can exploit these vulnerabilities. The specific vulnerability can be triggered by accessing the following URL: http://www.example.com/sysadmin/system/show.asp?show=<script>alert("oops")</script>

Mitigation:

It is recommended to set an administrative password on the server and apply the latest patches or updates provided by the vendor. Additionally, input validation should be implemented to prevent directory traversal and XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10444/info

Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks.

These issues require an attacker to have administrative privileges, however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities.

Sambar 6.1 Beta 2 is reported to be prone to these issues, however, it is likely that other versions are affected as well.

http://www.example.com/sysadmin/system/show.asp?show=<script>alert("oops")</script>

Navigation

Suggest Exploit

Services By CQR