Summary
Intramaps is prone to multiple security vulnerabilities including:
1. Multiple cross-site scripting vulnerabilities
2. Multiple SQL-injection vulnerabilities
3. An information-disclosure vulnerability
4. A cross-site request-forgery vulnerability
5. An XQuery-injection vulnerability
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, access or modify data, exploit vulnerabilities in the underlying database, disclose sensitive information, and perform unauthorized actions. Other attacks are also possible.
Intramaps 7.0.128 Rev 318 is vulnerable
other versions may also
be affected.
Solution
Reportedly these issues are fixed. Please contact the vendor for more information.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- ActivePerl perlIS.dll Buffer Overflow
- AlefMentor Multiple SQL Injection Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities