WeBid Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

WeBid is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability and a cross-site- scripting vulnerability. Exploiting these issues can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer other attacks are also possible. WeBid 0.85P1 is vulnerable other versions may be affected.

References

http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Local.File.Inclusion/63
http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62
http://www.webidsupport.com/
https://www.securityfocus.com/bid/44765

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4873

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities

Take action and discover your vulnerabilities