
EvalSMSI < 2.2.00 Multiple Vulnerabilities (CVE-2010-0614, CVE-2010-0615, CVE-2010-0616, CVE-2010-0617)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

EvalSMSI is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to:

- Input passed to the query parameter in ajax.php (when the question action is set), to the return parameter in ajax.php, and when writing comments to the assess.php page (when the continue_assess action is set) is not properly sanitised before being used in SQL queries.
- The passwords are stored in plaintext in the database, which allows attackers with database access to gain privileges.

Successful exploitation will allow remote attackers to view, edit and delete the backend database via SQL injection, or to inject arbitrary web script or HTML via a cross-site scripting (XSS) attack.

Recommendation

Update to version 2.2.00 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 11, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available