Summary
This host is running Telaen and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to perform open redirection, obtain sensitive information, and execute arbitrary code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Telaen version 1.3.1 or later.
For updates, refer to http://www.telaen.com
Insight
The flaws are due to:
- Improper validation of input passed via the 'f_email' parameter to the '/telaen/index.php' script.
- Improper validation of user-supplied input passed to the '/telaen/redir.php' script.
- An issue triggered when the '/telaen/inc/init.php' script is requested.
Affected
Telaen version 1.3.0 and prior
Severity
Classification
- CVE: CVE-2013-2621, CVE-2013-2623, CVE-2013-2624
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P