Event Horizon 'modfile.php' Cross Site Scripting and SQL Injection Vulnerabilities

Summary
This host is running Event Horizon and is prone to cross-site scripting and SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application.
Solution
Upgrade to Event Horizon version 1.1.11: http://code.google.com/p/eventh/downloads/list
Insight
The flaws exist due to improper validation of user-supplied data passed via the 'YourEmail' and 'VerificationNumber' parameters to the 'modfile.php' script.
Affected
Event Horizon version 1.1.10 and prior.