LabWiki Multiple Cross Site Scripting And Arbitrary File Upload Vulnerabilities Network Vulnerability

Summary

LabWiki is prone to multiple cross-site scripting and arbitrary file upload vulnerabilities because the software fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to upload arbitrary files and execute arbitrary code with administrative privileges. This may allow the attacker to steal cookie- based authentication credentials and to launch other attacks. LabWiki 1.1 and prior are vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://www.bioinformatics.org/phplabware/labwiki/
http://www.securityfocus.com/bid/50608

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache Open For Business HTML injection vulnerability
Adobe JRun Management Console Multiple Vulnerabilities
Adobe ColdFusion HTTP Response Splitting Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities

Take action and discover your vulnerabilities