Publicera Multiple Input Validation Vulnerabilities

Bugtraq ID:	21457
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 06 2006 12:00AM
Updated:	Dec 06 2006 11:14PM
Credit:	The vendor reported this issue.
Vulnerable:	Progga.se Publicera 1.0 rc2 Progga.se Publicera 1.0 rc1
Not Vulnerable:	Progga.se Publicera 1.0 rc3

Publicera Multiple Input Validation Vulnerabilities

Publicera is prone to multiple input-validation vulnerabilities, including cross-site scripting and multiple SQL-injection issues, because it fails to sufficiently sanitize user-supplied input.

An attacker could exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Publicera 1.0-rc2 and prior versions are vulnerable to these issues.

Publicera Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a web client.

Publicera Multiple Input Validation Vulnerabilities

Solution:
The vendor has released an update to address this issue. Please see the references for more information.

Publicera Multiple Input Validation Vulnerabilities

References:

• Publicera Version 1.0 RC3 Release Notes (Publicera)
  
• Vendor Home Page (Progga.se)