Summary
Xplode is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- AstroSPACES profile.php SQL Injection Vulnerability
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities