WebMplayer Multiple Input Validation Vulnerabilities
BID:22726
Info
WebMplayer Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 22726 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1136 CVE-2007-1135 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2007 12:00AM |
| Updated: | Jul 05 2016 09:38PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: | |
| Not Vulnerable: |
WebMplayer WebMplayer 0.6.1alpha |
Discussion
WebMplayer Multiple Input Validation Vulnerabilities
WebMplayer is prone to multiple SQL-injection vulnerabilities and an arbitrary-shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database implementation, or execute arbitrary shell commands in the context of the webserver process.
WebMplayer versions prior to 0.6.1-alpha are vulnerable.
WebMplayer is prone to multiple SQL-injection vulnerabilities and an arbitrary-shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database implementation, or execute arbitrary shell commands in the context of the webserver process.
WebMplayer versions prior to 0.6.1-alpha are vulnerable.
Exploit / POC
WebMplayer Multiple Input Validation Vulnerabilities
Attackers can exploit these issues via a web client.
Attackers can exploit these issues via a web client.
Solution / Fix
WebMplayer Multiple Input Validation Vulnerabilities
Solution:
The vendor released version 0.6.1alpha to address these issues. Please see the references for more information.
Solution:
The vendor released version 0.6.1alpha to address these issues. Please see the references for more information.
References
WebMplayer Multiple Input Validation Vulnerabilities
References:
References:
- WebMplayer Homepage (WebMplayer)
- WebMplayer v0.6.1alpha released! (WebMplayer)