header-logo
Suggest Exploit
vendor:
Sosci Survey
by:
SecurityFocus
8,8
CVSS
HIGH
Unauthorized Access, Cross-Site Scripting, HTML Injection, PHP Code Execution
264, 79, 89, 94
CWE
Product Name: Sosci Survey
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

Sosci Survey Security Vulnerabilities

Sosci Survey is prone to multiple security vulnerabilities, including unauthorized access, cross-site scripting, HTML injection, and PHP code execution. Exploiting these vulnerabilities may allow an attacker to gain unauthorized access to the affected application, allow attacker-supplied HTML and script code to run in the context of the affected browser, allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or inject and execute arbitrary malicious PHP code in the context of the web server process.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/59278/info

Sosci Survey is prone to following security vulnerabilities:

1. An unauthorized-access vulnerability
2. Multiple cross-site scripting vulnerabilities
3. Multiple HTML-injection vulnerabilities
4. A PHP code-execution vulnerability

Successful exploits may allow an attacker to gain unauthorized access to the affected application, allow attacker-supplied HTML and script code to run in the context of the affected browser, allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or inject and execute arbitrary malicious PHP code in the context of the web server process. 

https://www.example.com/admin/index.php?o=account&a=message.reply&id=[msg_id]
https://www.example.com/admin/index.php?o=panel&a=receiver.edit&id=<script>alert(document.cookie)</script>

Navigation

Suggest Exploit

Services By CQR