PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities

vendor:

PropertyMax Pro FREE

by:

SirGod

7,5

CVSS

HIGH

SQL Injection and Cross-Site Scripting

89, 79

CWE

Product Name: PropertyMax Pro FREE

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities

PropertyMax Pro FREE is prone to multiple remote vulnerabilities, including an authentication bypass vulnerability and a cross-site scripting vulnerability. The authentication bypass vulnerability occurs because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to bypass authentication and gain access to the application. The cross-site scripting vulnerability occurs because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

Users should never visit untrusted websites or follow links provided by unknown or untrusted sources. Additionally, users should always use the latest version of all software. Administrators should ensure that the application is kept up-to-date with the latest security patches and upgrades. Input validation should be used to ensure that untrusted data is not used to dynamically generate content.

Source

PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities

Mitigation:

Exploit-DB raw data: