vendor: Paliz Portal
by:
CVSS: 7.5 (HIGH)
CWE: SQL Injection, Cross-Site Scripting (XSS)
Product Name: Paliz Portal
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Paliz Portal Multiple Vulnerabilities
The Paliz Portal application is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability. These vulnerabilities occur because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials, control the rendering of the site, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization mechanisms. Additionally, web application firewalls can help detect and prevent such attacks. Regular security audits and updates are also advised.