meBiblio Multiple Input Validation Vulnerabilities

meBiblio Multiple Input Validation Vulnerabilities

meBiblio is prone to multiple input-validation vulnerabilities, including an SQL injection issue, an arbitrary-file-upload issue, and multiple cross-site scripting issues.

Successful exploits will allow attackers to execute arbitrary script code in the context of the application or the browser of an unsuspecting user and compromise the application. Attackers can also access or modify data or exploit latent vulnerabilities in the underlying database. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

meBiblio 0.4.7 is vulnerable; other versions may also be affected.