eLineStudio Site Composer Multiple Input Validation and Unauthorized Access Vulnerabilities

eLineStudio Site Composer Multiple Input Validation and Unauthorized Access Vulnerabilities

eLineStudio Site Composer is prone to multiple vulnerabilities because it fails to properly validate input and restrict access. These issues include two SQL-injection issues, four cross-site scripting issues, and two vulnerabilities that allow unauthorized access to administrative functions.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, create or delete folders on the webserver, or exploit latent vulnerabilities in the underlying database.

eLineStudio Site Composer 2.6 is vulnerable; other versions may also be affected.