Online Guestbook Pro 'ogp_show.php' Multiple Input Validation Vulnerabilities

Online Guestbook Pro is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include an SQL-injection issue, an HTML-injection issue, and a cross-site scripting issue.

Exploiting these issues can allow an attacker to run malicious HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Online Guestbook Pro 5.1 is vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus