Summary
This host is running Event Horizon and is prone to cross-site scripting and SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application.
Solution
Upgrade to Event Horizon version 1.1.11:
http://code.google.com/p/eventh/downloads/list
Insight
The flaw exists due to improper validation of user-supplied data passed via the 'YourEmail' and 'VerificationNumber' parameters to the 'modfile.php' script.
Affected
Event Horizon version 1.1.10 and prior.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-2854, CVE-2010-2855
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P