header-logo
Suggest Exploit
vendor:
Speedywiki
by:
SecurityFocus
6.4
CVSS
MEDIUM
Arbitrary File-Upload and Cross-Site Scripting
79, 79.1
CWE
Product Name: Speedywiki
Affected Version From: 2.2 and prior
Affected Version To: 2.2 and prior
Patch Exists: YES
Related CWE: N/A
CPE: a:speedywiki:speedywiki
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Speedywiki Multiple Input Validation Vulnerabilities

Speedywiki is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an arbitrary file-upload vulnerability and a cross-site scripting vulnerability. An attacker may leverage these issues to upload and execute arbitrary code within the context of the affected webserver and to steal cookie-based authentication credentials. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20976/info

Speedywiki is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an arbitrary file-upload vulnerability and a cross-site scripting vulnerability.

An attacker may leverage these issues to upload and execute arbitrary code within the context of the affected webserver and to steal cookie-based authentication credentials. Other attacks are also possible. 

Versions prior to 2.2 is vulnerable to this issue.

http://www.example.com/index.php?showRevisions=[xss]

Navigation

Suggest Exploit

Services By CQR