Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Summary
This host is running Ad Manager Pro and is prone to multiple SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to manipulate SQL queries by injecting arbitrary SQL code, or to execute arbitrary HTML and script code in a user's browser session in the context of the affected website. Impact Level: Application
Solution
Upgrade to the latest version. For updates refer to http://www.phpwebscripts.com/ad-manager-pro/
Insight
- Input passed via the 'X-Forwarded-For' HTTP header is not properly sanitised before being used in SQL queries. The header is set by the client, so it is attacker-controlled even when the application expects it to come from a proxy.
- Input passed via the 'username', 'password', 'image_control' and 'email' parameters to 'advertiser.php' and 'publisher.php' is not properly sanitised before being returned to the user.
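The two flaw classes described above, each beside its fix, as an added Python example written for this page. It is not Ad Manager Pro's source code: the 'clicks' table, the request headers, the client-IP lookup and the profile rendering are hypothetical stand-ins for whatever the application does with the 'X-Forwarded-For' header and the reflected parameters.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data: a small table of logged clicks keyed by client IP.
    # The schema is invented for this example and is not the application's.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clicks (id INTEGER PRIMARY KEY, ip TEXT, banner INTEGER)")
    conn.executemany(
        "INSERT INTO clicks (ip, banner) VALUES (?, ?)",
        [("203.0.113.5", 1), ("198.51.100.7", 2), ("192.0.2.9", 1)],
    )
    conn.commit()
    return conn


def client_ip(headers, remote_addr):
    # Hypothetical trusting pattern: the first X-Forwarded-For hop is taken as the
    # client address. Any client can send this header, so the value is untrusted.
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr


def count_clicks_vulnerable(conn, headers, remote_addr):
    # Header value concatenated straight into SQL: the injection class the advisory describes.
    ip = client_ip(headers, remote_addr)
    sql = "SELECT COUNT(*) FROM clicks WHERE ip = '" + ip + "'"
    return conn.execute(sql).fetchone()[0]


def count_clicks_fixed(conn, headers, remote_addr):
    # Parameterised query: the header value is bound as data and never parsed as SQL.
    ip = client_ip(headers, remote_addr)
    return conn.execute("SELECT COUNT(*) FROM clicks WHERE ip = ?", (ip,)).fetchone()[0]


def render_profile_vulnerable(username, email):
    # Request parameters reflected unescaped into HTML: the XSS class the advisory describes.
    return "<p>User: " + username + " &lt;" + email + "&gt;</p>"


def render_profile_fixed(username, email):
    # HTML-escape every reflected value (quote=True also covers attribute contexts).
    return "<p>User: %s &lt;%s&gt;</p>" % (
        html.escape(username, quote=True),
        html.escape(email, quote=True),
    )


def demo():
    # Runs both variants against a benign request and an injection probe and
    # returns the results so the difference can be checked rather than eyeballed.
    conn = make_db()
    benign = {"X-Forwarded-For": "203.0.113.5"}
    probe = {"X-Forwarded-For": "x' OR '1'='1"}
    payload = "<script>alert(1)</script>"
    return {
        "benign_vuln": count_clicks_vulnerable(conn, benign, "10.0.0.1"),
        "benign_fixed": count_clicks_fixed(conn, benign, "10.0.0.1"),
        "probe_vuln": count_clicks_vulnerable(conn, probe, "10.0.0.1"),
        "probe_fixed": count_clicks_fixed(conn, probe, "10.0.0.1"),
        "xss_vuln": render_profile_vulnerable(payload, "a@example.com"),
        "xss_fixed": render_profile_fixed(payload, "a@example.com"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

In the vulnerable query the probe header turns the WHERE clause into `ip = 'x' OR '1'='1'`, which matches every row; the bound query matches none. The same split applies to the reflected parameters: the unescaped rendering returns the script tag intact, the escaped one returns it as inert text. The fix for the header case is the parameterised query, not stricter parsing of the header: a value that looks like an IP can still be chosen by the client, so it should only be trusted at all when the request arrived from a known proxy.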
Affected
Ad Manager Pro
References