Sharetronix Multiple Input Validation Vulnerabilities

Sharetronix is prone to the following input-validation vulnerabilities:

1. Multiple PHP code-injection vulnerabilities
2. An arbitrary file-upload vulnerability
3. Multiple SQL-injection vulnerabilities
4. A cross-site request-forgery vulnerability
5. An authentication-bypass vulnerability

Attackers can exploit these issues to bypass authentication mechanism, upload arbitrary files, execute arbitrary PHP code, compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or to perform unauthorized actions by enticing a logged-in user to visit a malicious site.

Sharetronix 3.1.1 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus