phpMyQuote Multiple Input-Validation Vulnerabilities

vendor:

phpMyQuote

by:

7.5

CVSS

HIGH

Input-Validation

79, 89

CWE

Product Name: phpMyQuote

Affected Version From: 0.2

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

phpMyQuote Multiple Input-Validation Vulnerabilities

phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input. A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques in the phpMyQuote application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25615/info

phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect phpMyQuote 0.20; other versions may also be vulnerable.

http://example.com/script_path/index.php?action=edit&id=[Sql injection]
http://example.com/script_path/index.php?action=edit&id=[XSS]