FileRun Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Info
| Bugtraq ID: | 23752 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2469 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | r0t is credited with the discovery of these vulnerabilities. |
| Vulnerable: | FileRun FileRun 1.0 |
| Not Vulnerable: | |
Discussion
FileRun is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
FileRun 1.0 and prior versions are vulnerable to these issues.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- FileRun Vuln. (r0t)
- Vendor Homepage (FileRun)