Summary
Basic Analysis and Security Engine (BASE) is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include an SQL-injection issue, a cross-site scripting issue, and a local file-include issue.
Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view and execute local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Other attacks may also be possible.
These issues affect versions prior to BASE 1.4.4.
Solution
Updates are available. Please see the references for details.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-4590, CVE-2009-4591, CVE-2009-4592, CVE-2009-4837, CVE-2009-4838, CVE-2009-4839
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AdPeeps 'index.php' Multiple Vulnerabilities.
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- b2ePMS Multiple SQL Injection Vulnerabilities