Promise WebPAM Multiple Input Validation Vulnerabilities

Promise WebPAM Multiple Input Validation Vulnerabilities

Promise WebPAM is prone to multiple cross-site scripting, multiple SQL-injection, multiple cross-site request-forgery and a source code disclosure vulnerabilities.

Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or view the source code of files in the context of the server process.

Promise WebPAM 2.2.0.13 is vulnerable; other versions may also be affected.