| VID |
21606 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of MaxWebPortal which is older than version 1.34 is detected as installed on the host. MaxWebPortal is a freely available Web portal and online community system written in ASP. MaxWebPortal versions prior to 1.34 are vulnerable to multiple input validation vulnerabilities, which can be exploited by remote attackers to conduct cross-site scripting and SQL injection attacks.
1) A SQL Injection Vulnerability: Input passed to the EVENT_ID parameter in the Update_Events function in "events_functions.asp" script isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) A Cross-Site Scripting Vulnerability: Input passed to the banner URL parameter in "links_add_form.asp" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
* Note: This check solely relied on the version number of the MaxWebPortal software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.securitytracker.com/alerts/2005/Mar/1013617.html
* Platforms Affected:
MaxWebPortal versions prior to 1.34
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MaxWebPortal (1.34 or later), available from the MaxWebPortal Web site at http://sourceforge.net/projects/mwp/ |
| Related URL |
CVE-2005-1016,CVE-2005-1017 (CVE) |
| Related URL |
12968,13466 (SecurityFocus) |
| Related URL |
19928,19929 (ISS) |
|
