CoolForum Multiple Input Validation Vulnerabilities
BID:12392
Info
CoolForum Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 12392 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2005 12:00AM |
| Updated: | Jan 28 2005 12:00AM |
| Credit: | Discovery is credited to benjilenoob. |
| Vulnerable: |
CoolForum CoolForum 0.7.2 |
| Not Vulnerable: |
CoolForum CoolForum 0.7.3 |
Discussion
CoolForum Multiple Input Validation Vulnerabilities
CoolForum is reported prone to multiple vulnerabilities resulting from input validation errors. These issues may allow an attacker to carry out HTML and SQL injection attacks.
The following specific issues were identified:
It has been reported that the application is prone to multiple SQL injection vulnerabilities that may allow a remote attacker to inject arbitrary SQL queries into the database used by CoolForum.
An HTML injection vulnerability may also affect the application. This issue can allow for theft of cookie based authentication credentials and other attacks.
CoolForum 0.7.2 is reported prone to these issues. It is likely that other versions are vulnerable as well.
CoolForum is reported prone to multiple vulnerabilities resulting from input validation errors. These issues may allow an attacker to carry out HTML and SQL injection attacks.
The following specific issues were identified:
It has been reported that the application is prone to multiple SQL injection vulnerabilities that may allow a remote attacker to inject arbitrary SQL queries into the database used by CoolForum.
An HTML injection vulnerability may also affect the application. This issue can allow for theft of cookie based authentication credentials and other attacks.
CoolForum 0.7.2 is reported prone to these issues. It is likely that other versions are vulnerable as well.
Exploit / POC
CoolForum Multiple Input Validation Vulnerabilities
An exploit is not required.
An exploit is not required.
Solution / Fix
CoolForum Multiple Input Validation Vulnerabilities
Solution:
The vendor has released CoolForum 0.7.3 to address this issue.
CoolForum CoolForum 0.7.2
Solution:
The vendor has released CoolForum 0.7.3 to address this issue.
CoolForum CoolForum 0.7.2
-
CoolForum CoolForum 0.7.3
http://www.coolforum.net/download.php?id=40