Vendor: WMSCMS
By: Ariko-Security
CVSS: N/A
XSS & SQLi
CWE: 89, 89, 79, 89, 89, 89, 89, 79, 79, 79
Product Name: WMSCMS
Affected Version From: ALL versions
Affected Version To: ALL versions
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

XSS and SQL injection vulnerabilities in WmsCMS

Input passed via the "search", "sbr", "pid", "sbl" and "FilePath" parameters to default.asp is not properly sanitised before being used in a SQL query. Input passed via the "sbr", "pr" and "psPrice" parameters to printpage.asp is not properly sanitised before being used in a SQL query. Input passed to the "search", "sbr", "p" and "sbl" parameters in default.asp is not properly sanitised before being returned to the user.

Mitigation:

Input validation of all mentioned parameters should be corrected.
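
A sketch of what corrected handling of two of the listed parameters could look like in classic ASP. It is an added example, not code from the advisory or from WmsCMS. The table and column names, the `Application("ConnStr")` connection string, the `ParseId` helper and the assumption that "pid" is numeric are all hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202

' Hypothetical helper: accept only a short run of digits.
' Anything else is rejected outright rather than "cleaned".
Function ParseId(raw)
    Dim re : Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ParseId = CLng(raw) Else ParseId = Null
End Function

Dim pid, search, conn, cmd, rs
pid = ParseId(Request.QueryString("pid") & "")          ' assumed numeric
search = Left(Request.QueryString("search") & "", 100)  ' free text, length-capped

If IsNull(pid) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")   ' hypothetical connection string

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Hypothetical schema. The ? placeholders keep request data out of the SQL text.
cmd.CommandText = "SELECT title FROM products WHERE category_id = ? AND title LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("pid", adInteger, adParamInput, , pid)
cmd.Parameters.Append cmd.CreateParameter("search", adVarWChar, adParamInput, 102, "%" & search & "%")
Set rs = cmd.Execute
%>
<!-- Reflected and stored values are HTML-encoded at the point of output -->
<p>Results for: <%= Server.HTMLEncode(search) %></p>
<ul>
<% Do Until rs.EOF %>
  <li><%= Server.HTMLEncode(rs("title") & "") %></li>
<%   rs.MoveNext
   Loop
   rs.Close : conn.Close %>
</ul>
```

`Server.HTMLEncode` covers values written into HTML text; a value placed inside an attribute, URL or script block needs encoding for that context instead.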

Exploit-DB raw data: