Summary
This host is running Ad Manager Pro and is prone to multiple SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to manipulate SQL queries by injecting arbitrary SQL code, or to execute arbitrary HTML and script code in a user's browser session in the context of the affected website.
Impact Level: Application
Solution
Upgrade to the latest version.
For updates refer to http://www.phpwebscripts.com/ad-manager-pro/
Insight
- Input passed via the 'X-Forwarded-For' HTTP header field is not properly sanitised before being used in SQL queries.
- Input passed via the 'username', 'password', 'image_control' and 'email' parameters to 'advertiser.php' and 'publisher.php' is not properly sanitised before being returned to the user.
Affected
Ad Manager Pro
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P