|
|
Family: CGI abuses --> Category: mixed
MaxWebPortal <= 1.33 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in MaxWebPortal <= 1.33
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is affected by
multiple vulnerabilities.
Description :
The remote host is running a version of MaxWebPortal that is prone to
multiple input validation vulnerabilities:
- Multiple SQL Injection Vulnerabilities
A possible hacker can inject SQL statements via various scripts
to manipulate database queries.
- A Cross-Site Scripting Vulnerability
A possible hacker can pass arbitrary HTML and script code via
the 'banner' parameter of the 'links_add_form.asp' script
to be executed by a user's browser in the context of the
affected web site whenever he views the malicious link.
See also :
http://www.hackerscenter.com/archive/view.asp?id=1807
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
