AproxEngine Multiple Remote Input Validation Vulnerabilities Network Vulnerability

Summary

AproxEngine is prone to multiple input-validation vulnerabilities, including SQL-injection, HTML-injection, directory-traversal, and email- spoofing issues. Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, obtain sensitive information, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, perform certain unauthorized actions in the context of a user, access or modify data, or exploit latent vulnerabilities in the underlying database. Attackers may require administrative privileges to exploit some of these issues. AproxEngine 5.3.04 and 6.0 are vulnerable other versions may also be affected.

References

http://secunia.com/secunia_research/2009-2/
http://www.securityfocus.com/archive/1/508641
http://www.securityfocus.com/bid/37515

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Astium VoIP PBX SQL Injection Vulnerability
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Apache Struts2 Redirection and Security Bypass Vulnerabilities

Take action and discover your vulnerabilities