Summary
This host is running AdPeeps and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaws are due to
- Improper validation of user supplied data to the 'index.php' page via various parameters.
- 'view_adrates' action with an invalid uid parameter, in 'index.php' reveals the installation path in an error message.
- Application having a default password of 'admin' for the 'admin' account, which makes it easier for remote attackers to obtain access via requests to 'index.php'.
Affected
Adpeeps version 8.6.5d1 and prior.
References
Severity
Classification
-
CVE CVE-2009-4939, CVE-2009-4943, CVE-2009-4945 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities