Sahana Agasti Multiple Input Validation Vulnerabilities

Published: 2011-01-21 12:34:43

CVSS Base Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Recommendations:
Vendor updates are available. Please contact the vendor for details.

Summary:
Sahana Agasti is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Impact:
An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process, which may aid in redirecting users to a potentially malicious site. This may allow the attacker to compromise the application and the computer and may aid in phishing attacks. Other attacks are also possible.

Affected Versions:
Sahana Agasti versions 0.6.5 and prior are vulnerable.

Detection Type:
Remote Vulnerability

Solution Type:
Vendor Patch

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/45730

References:

https://www.securityfocus.com/bid/45730
http://www.sahanafoundation.org/Sahana066
https://launchpad.net/sahana-agasti/
http://www.sahanafoundation.org/

Severity:
Medium

CVSS Score:
4.3
