Summary
This host is running mnoGoSearch and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML or web script in a user's browser session in the context of an affected site and to disclose the content of an arbitrary file.
Impact Level: Application
Solution
Update to mnoGoSearch 3.3.13 or later.
For updates, refer to http://www.mnogosearch.org/download.html
Insight
Multiple flaws are due to:
- Error when parsing certain QUERY_STRING parameters.
- Input passed via 'STORED' parameter to search/index.html (when 'q' is set to 'x') is not properly sanitized before being returned to the user.
Affected
mnoGoSearch Version 3.3.12 and prior
References
- http://en.securitylab.ru/lab/PT-2013-17
- http://osvdb.org/90786
- http://packetstormsecurity.com/files/120650/mnoGoSearch-3.3.12-Arbitrary-File-Read.html
- http://secunia.com/advisories/52401
- http://securitytracker.com/id?1028247
- http://www.exploit-db.com/exploits/24630
- http://www.mnogosearch.org/doc33/msearch-changelog.html
Updated on 2015-03-25