Summary
Intramaps is prone to multiple security vulnerabilities including:
1. Multiple cross-site scripting vulnerabilities
2. Multiple SQL-injection vulnerabilities
3. An information-disclosure vulnerability
4. A cross-site request-forgery vulnerability
5. An XQuery-injection vulnerability
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, access or modify data, exploit vulnerabilities in the underlying database, disclose sensitive information, and perform unauthorized actions. Other attacks are also possible.
Intramaps 7.0.128 Rev 318 is vulnerable; other versions may also be affected.
Solution
Reportedly these issues are fixed. Please contact the vendor for more information.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- A Really Simple Chat Multiple SQL Injection Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability