Summary
This host is running Valarsoft Webmatic and is prone to multiple Cross-Site Scripting and SQL Injection vulnerabilities.
Impact
Successful exploitation allows an attacker to carry out Cross-Site Scripting or SQL Injection attacks by executing arbitrary code within the context of the affected application.
Impact Level: Application.
Solution
Upgrade to Valarsoft Webmatic version 3.0.3.
For updates refer to http://www.valarsoft.com
Insight
- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
- Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Affected
Valarsoft Webmatic prior to 3.0.3
Severity
Classification
CVE: CVE-2009-4379, CVE-2009-4380
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P