Op5 Monitor HTML Injection And SQL Injection Vulnerabilities Network Vulnerability

Summary

op5 Monitor is prone to an HTML-injection vulnerability and an SQL-injection vulnerability because it fails to sanitize user- supplied input. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user other attacks are also possible. op5 Monitor 5.4.2 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.securityfocus.com/bid/55191

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:S/C:C/I:P/A:N

Related Vulnerabilities

Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
ASUS RT56U Router Multiple Vulnerabilities
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Adobe ColdFusion Authentication Bypass Vulnerability
AstroSPACES profile.php SQL Injection Vulnerability

op5 Monitor HTML Injection and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities