Vendor: OpenBiblio
By: Unknown
CVSS: 7.5 HIGH
Input-Validation
CWE: Unknown
Product Name: OpenBiblio
Affected Version From: 0.5.2-pre4
Affected Version To: Prior versions
Patch Exists: NO
Related CWE: Unknown
CPE: openbiblio
Platforms Tested: Unknown
OpenBiblio Multiple Input-Validation Vulnerabilities
OpenBiblio is prone to multiple input-validation vulnerabilities including SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
Mitigation: Unknown