Summary
This host is running Event Horizon and is prone to cross-site scripting and SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application.
Solution
Upgrade to Event Horizon version 1.1.11:
http://code.google.com/p/eventh/downloads/list
Insight
The flaw exists due to improper validation of user-supplied data passed in the 'YourEmail' and 'VerificationNumber' parameters to the 'modfile.php' script.
Affected
Event Horizon version 1.1.10 and prior.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-2854, CVE-2010-2855
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P