It has been reported that P4DB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Both cross-site scripting and remote, arbitrary command execution vulnerabilities have been reported. The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. Exploitation of the command execution vulnerabilities could allow a remote, unauthenticated user to remotely execute arbitrary commands on the underlying system with the privileges of the web server that is hosting the vulnerable application. Currently the information available is not sufficient to provide more...
It has been reported that P4DB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Both cross-site scripting and remote, arbitrary command execution vulnerabilities have been reported. The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. Exploitation of the command execution vulnerabilities could allow a remote, unauthenticated user to remotely execute arbitrary commands on the underlying system with the privileges of the web server that is hosting the vulnerable application. Currently the information available is not sufficient to provide more information; this BID will be updated as new details are released.
