Register Plus Redux Multiple Security vulnerabilities
BID:51208
Info
| Bugtraq ID: | 51208 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 30 2011 12:00AM |
| Updated: | Dec 30 2011 12:00AM |
| Credit: | MustLive |
| Vulnerable: | Register Plus Redux Register Plus Redux 3.7.3.1 |
| Not Vulnerable: | Register Plus Redux Register Plus Redux 3.8 |
Discussion
Register Plus Redux is prone to information-disclosure, SQL-injection, cross-site scripting, arbitrary-code-execution, and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to harvest sensitive information, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Register Plus Redux 3.7.3.1 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can use a Web browser to exploit these issues.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References:
- webERP Homepage (webERP)
- Multiple vulnerabilities in webERP ([email protected])
- Multiple vulnerabilities in webERP (High-Tech Bridge SA Security Research Lab)