BookNux Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Summary

BookNux is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54357
The information has been provided by Jean Pascal Pereira .


Details

Vulnerable Systems:
 * BookNux Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.BookNux 0.2 and prior are vulnerable.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release: Jul 09 2012

Categories: News