Family: CGI abuses --> Category: attack
Kayako LiveResponse Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for multiple input validation vulnerabilities in Kayako LiveResponse
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
variety of flaws.
Description :
The remote host is running Kayako LiveResponse, a web-based live
support system.
The installed version of Kayako LiveResponse on the remote host fails
to sanitize user-supplied input to many parameters / scripts, which
makes the application vulnerable to SQL injection and cross-site
scripting attacks. In addition, the application embeds passwords in
plaintext as part of GET requests and will reveal its installation
directory in response to direct calls to several scripts.
See also :
http://www.gulftech.org/?node=research&article_id=00092-07302005
http://www.securityfocus.com/archive/1/406914
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 4.7
(AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:N)