Family: CGI abuses --> Category: attack
Kayako LiveResponse Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in Kayako LiveResponse
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by a
variety of flaws.
The remote host is running Kayako LiveResponse, a web-based live
The installed version of Kayako LiveResponse on the remote host fails
to sanitize user-supplied input to many parameters / scripts, which
makes the application vulnerable to SQL injection and cross-site
scripting attacks. In addition, the application embeds passwords in
plaintext as part of GET requests and will reveal its installation
directory in response to direct calls to several scripts.
See also :
Unknown at this time.
Medium / CVSS Base Score : 4.7