| VID |
21607 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of MaxWebPortal which is older than version 1.36 is detected as installed on the host. MaxWebPortal is a freely available Web portal and online community system written in ASP. MaxWebPortal versions prior to 1.36 are vulnerable to multiple input validation vulnerabilities, which can be exploited by remote attackers to conduct cross-site scripting and SQL injection attacks.
1) Multiple SQL Injection Vulnerabilities: Input passed to various parameters in "inc_functions.asp", "post_info.asp", "search.asp", "pop_profile.asp", "pop_profile.asp", and "pm_delete2.asp" scripts isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) A Cross-Site Scripting Vulnerability: Input passed to the mod, m or type parameters in "post.asp" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
* Note: This check solely relied on the version number of the MaxWebPortal software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.hackerscenter.com/archive/view.asp?id=2542
http://archives.neohapsis.com/archives/bugtraq/2005-05/0122.html
* Platforms Affected:
MaxWebPortal versions prior to 1.36
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MaxWebPortal (1.36 or later), available from the MaxWebPortal Web site at http://sourceforge.net/projects/mwp/ |
| Related URL |
CVE-2005-1561,CVE-2005-1562 (CVE) |
| Related URL |
13601 (SecurityFocus) |
| Related URL |
20560,20561,20562 (ISS) |
|
