Web application abuses : IceHrm Multiple Security Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805032

Categoría: Web application abuses

Título: IceHrm Multiple Security Vulnerabilities

Resumen: IceHrm is prone to multiple vulnerabilities.

Descripción: Summary:
IceHrm is prone to multiple vulnerabilities.

Vulnerability Insight:
Flaws are due to:

- The service.php script not properly sanitizing user input, specifically
path traversal style attacks (e.g. '../../') supplied to the 'file'
parameter.

- The index.php script not properly sanitizing user input, specifically path
traversal style attacks (e.g. '../../') supplied to the 'n' and 'g'
parameters.

- The fileupload.php script does not properly verify or sanitize user-uploaded
files via the 'file_name' POST parameter.

- The login.php script does not validate input to the 'key' parameter before
returning it to users.

- The fileupload_page.php script does not validate input to the 'id',
'file_group', 'user' and 'msg' parameter before returning it to users.

- The /data/ folder that is due to the program failing to restrict users
from making direct requests to profile images for users or employees.

- The HTTP requests to service.php do not require multiple steps, explicit
confirmation, or a unique token when performing certain sensitive actions.

Vulnerability Impact:
Successful exploitation will allow attacker
to execute arbitrary script code in the context of the vulnerable site,
potentially allowing the attacker to steal cookie-based authentication
credentials, upload arbitrary files to the affected application, read and
write arbitrary files in the context of the user running the affected
application, and obtain potentially sensitive information.

Affected Software/OS:
IceHrm version 7.1 and prior.

Solution:
Upgrade to IceHrm 7.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805032
Categoría:	Web application abuses
Título:	IceHrm Multiple Security Vulnerabilities
Resumen:	IceHrm is prone to multiple vulnerabilities.
Descripción:	Summary: IceHrm is prone to multiple vulnerabilities. Vulnerability Insight: Flaws are due to: - The service.php script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../../') supplied to the 'file' parameter. - The index.php script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../../') supplied to the 'n' and 'g' parameters. - The fileupload.php script does not properly verify or sanitize user-uploaded files via the 'file_name' POST parameter. - The login.php script does not validate input to the 'key' parameter before returning it to users. - The fileupload_page.php script does not validate input to the 'id', 'file_group', 'user' and 'msg' parameter before returning it to users. - The /data/ folder that is due to the program failing to restrict users from making direct requests to profile images for users or employees. - The HTTP requests to service.php do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, upload arbitrary files to the affected application, read and write arbitrary files in the context of the user running the affected application, and obtain potentially sensitive information. Affected Software/OS: IceHrm version 7.1 and prior. Solution: Upgrade to IceHrm 7.2 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2014 Greenbone AG