Summary
swDesk is prone to the following vulnerabilities:
1. An arbitrary file-upload vulnerability.
2. Multiple cross-site scripting vulnerabilities.
3. Multiple PHP code-injection vulnerabilities.
An attacker can exploit these issues to execute arbitrary script code in the context of the affected site, steal cookie-based authentication credentials, upload arbitrary code, or inject and execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- AudiStat multiple vulnerabilities
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- Astium VoIP PBX SQL Injection Vulnerability
- Athena Web Registration remote command execution flaw