Spooky Login Input-Validation Vulnerabilities

vendor:

Spooky Login

by:

Unknown

7.5

CVSS

HIGH

Input-validation vulnerabilities including cross-site scripting and SQL-injection

CWE

Product Name: Spooky Login

Affected Version From: 2.7

Affected Version To: 2.7

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Spooky Login Input-Validation Vulnerabilities

The Spooky Login application fails to properly sanitize user-supplied input, leading to multiple input-validation vulnerabilities. These vulnerabilities can be exploited by an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques in the Spooky Login application. Additionally, using parameterized queries or prepared statements can help prevent SQL-injection attacks.

Source

Spooky Login Input-Validation Vulnerabilities

Mitigation:

Exploit-DB raw data: