BestShopPro 'str' Parameter Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

BestShopPro is prone to cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user- supplied data. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

References

http://www.bst.pl/
http://www.securityfocus.com/bid/50490

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Detects Xaraya version
BasiliX Detection
BasiliX Arbitrary File Disclosure Vulnerability
PmWiki Table Feature 'width' Parameter Cross-site scripting vulnerability
OTRS Ticket CustomerID Value Restriction Bypass Vulnerability

BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities