Summary
AproxEngine is prone to multiple input-validation vulnerabilities, including SQL-injection, HTML-injection, directory-traversal, and email- spoofing issues.
Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, obtain sensitive information, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, perform certain unauthorized actions in the context of a user, access or modify data, or exploit latent vulnerabilities in the underlying database.
Attackers may require administrative privileges to exploit some of these issues.
AproxEngine 5.3.04 and 6.0 are vulnerable
other versions may also
be affected.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Arkeia Appliance Path Traversal Vulnerability
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- Apache Archiva Multiple Remote Command Execution Vulnerabilities