Op5 Monitor HTML Injection And SQL Injection Vulnerabilities Network Vulnerability

Summary

op5 Monitor is prone to an HTML-injection vulnerability and an SQL-injection vulnerability because it fails to sanitize user- supplied input. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user other attacks are also possible. op5 Monitor 5.4.2 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.securityfocus.com/bid/55191

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:S/C:C/I:P/A:N

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
4Images <= 1.7.1 Directory Traversal Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Agora CGI Cross Site Scripting

op5 Monitor HTML Injection and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities