MaxWebPortal <= 1.35 Multiple Vulnerabilities

high Nessus Plugin ID 18248

Synopsis

The remote web server contains an ASP application that is affected by multiple flaws.

Description

According to its banner, the remote host is running a version of MaxWebPortal that is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation of these flaws may result in password theft and/or site defacement.

Solution

Unknown at this time.

See Also

http://www.hackerscenter.com/archive/view.asp?id=2542

https://seclists.org/bugtraq/2005/May/121

Plugin Details

Severity: High

ID: 18248

File Name: maxwebportal_135.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 5/12/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/10/2005

Reference Information

CVE: CVE-2005-1561, CVE-2005-1562

BID: 13601

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990