MGB Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Summary

MGB is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54348
The information has been provided by Stefan Schurtz.


Details

Vulnerable Systems:
 * MGB Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
MGB 0.6.9.1 is vulnerable; other versions may also be affected.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release:Jul 09 2012

Categories: News