vendor:
Recipe Script
by:
Milos Zivanovic
6.4
CVSS
MEDIUM
Multiple Vulnerabilities such as XSRF, Shell Upload, XSS
N/A
CWE
Product Name: Recipe Script
Affected Version From: 5
Affected Version To: 5
Patch Exists: YES
Related CWE: N/A
CPE: a:recipescript:recipe_script:5.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2009
Recipe Script v5.0 (Shell Upload/XSRF/XSS) Multiple Vulnerabilities
We can use the following exploit to change users email and then go to 'forget your password' form and it will send us password on the email. We can upload a shell to the server using the following exploit. We can use the following exploit to change admin password and send email to subscribers. We can use the following exploit to inject malicious code into the application. We can use the following exploit to inject malicious code into the application.
Mitigation:
Ensure that all user input is properly sanitized and validated before being used in the application. Ensure that all user input is properly sanitized and validated before being used in the application. Ensure that all user input is properly sanitized and validated before being used in the application. Ensure that all user input is properly sanitized and validated before being used in the application.