PhreeBooks Multiple HTML-Injection And Local File Include Vulnerabilities Network Vulnerability

Summary

PhreeBooks is prone to multiple local file-include vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process other attacks are also possible. The attacker may leverage the HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials and launch other attacks. PhreeBooks 2.0 is vulnerable other versions may also be affected.

References

http://sourceforge.net/projects/phreebooks/
http://www.phreebooks.com/
https://www.securityfocus.com/bid/40639

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Information Disclosure Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

PhreeBooks Multiple HTML-Injection and Local File Include Vulnerabilities

Take action and discover your vulnerabilities