Web application abuses : webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103343

Categoría: Web application abuses

Título: webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities

Resumen: webERP is prone to information-disclosure, SQL-injection, and cross-;site scripting vulnerabilities because it fails to sufficiently;sanitize user-supplied input.;;An attacker may exploit the information-disclosure issue to gain;access to sensitive information that may lead to further attacks.;;An attacker may exploit the SQL-injection issue to compromise the;application, access or modify data, or exploit latent vulnerabilities;in the underlying database.;;An attacker may leverage the cross-site scripting issue to execute;arbitrary script code in the browser of an unsuspecting user in the;context of the affected site. This may allow the attacker to steal cookie-;based authentication credentials and launch other attacks.;;webERP 4.0.5 is vulnerable. Prior versions may also be affected.

Descripción: Summary:
webERP is prone to information-disclosure, SQL-injection, and cross-
site scripting vulnerabilities because it fails to sufficiently
sanitize user-supplied input.

An attacker may exploit the information-disclosure issue to gain
access to sensitive information that may lead to further attacks.

An attacker may exploit the SQL-injection issue to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database.

An attacker may leverage the cross-site scripting issue to execute
arbitrary script code in the browser of an unsuspecting user in the
context of the affected site. This may allow the attacker to steal cookie-
based authentication credentials and launch other attacks.

webERP 4.0.5 is vulnerable. Prior versions may also be affected.

Solution:
Vendor updates are available. Please see the references for more
information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103343
Categoría:	Web application abuses
Título:	webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities
Resumen:	webERP is prone to information-disclosure, SQL-injection, and cross-;site scripting vulnerabilities because it fails to sufficiently;sanitize user-supplied input.;;An attacker may exploit the information-disclosure issue to gain;access to sensitive information that may lead to further attacks.;;An attacker may exploit the SQL-injection issue to compromise the;application, access or modify data, or exploit latent vulnerabilities;in the underlying database.;;An attacker may leverage the cross-site scripting issue to execute;arbitrary script code in the browser of an unsuspecting user in the;context of the affected site. This may allow the attacker to steal cookie-;based authentication credentials and launch other attacks.;;webERP 4.0.5 is vulnerable. Prior versions may also be affected.
Descripción:	Summary: webERP is prone to information-disclosure, SQL-injection, and cross- site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie- based authentication credentials and launch other attacks. webERP 4.0.5 is vulnerable. Prior versions may also be affected. Solution: Vendor updates are available. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2011 Greenbone AG