Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities
High Nessus Plugin ID 85692
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Advantech WebAccess running on the remote host is prior to version 7.0-2011.12.20. It is, therefore, affected by multiple vulnerabilities:
- A cross-site scripting vulnerability exists due to improper validation of unspecified input. A remote attacker, using a specially crafted request, can exploit this to execute arbitrary script code in the browser in the context of the user's session. (VulnDB 124949)
- A SQL injection vulnerability exists due to unspecified input not being properly sanitized before processing SQL queries. A remote attacker can exploit this to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data.
Solution
Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.