Description
A security issue and multiple vulnerabilities have been reported in ClientExec, which can be exploited by malicious users to disclose potentially sensitive information and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
1) Input passed via the "name" GET parameter to order.php (when "step" is set to "subsearch" and "tld" is set to "false") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) Input passed via the "sort" GET parameter to index.php (when "fuse" is set to "billing", "action" is set to "GetInvoiceList" or "GetUnInvoicedList", and "sessionHash" is set) and via the "invoiceid" GET parameter to index.php (when "fuse" is set to "billing", "action" is set to "GetInvoiceEntries", and "sessionHash" is set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) The application does not properly verify permissions when processing certain requests, which can be exploited to e.g. disclose invoices of other users.
The security issue and the vulnerabilities are reported in versions 4.6 through 4.6.3.
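The three issue classes above, shown in hardened form as an added example (not ClientExec code or the vendor's fix). The table names, column names and function names are hypothetical, and the sample rows are constructed; it assumes PHP with the PDO SQLite driver.

```php
<?php
// Added illustration: schema and function names are hypothetical, not ClientExec's.
declare(strict_types=1);

// Issue 2 ("sort"): identifiers cannot be bound as parameters, so the request
// value is mapped onto a fixed allow-list instead of being placed in the SQL.
const SORTABLE = ['id' => 'id', 'amount' => 'amount', 'duedate' => 'duedate'];

function invoiceList(PDO $db, int $userId, string $sort): array
{
    $column = SORTABLE[$sort] ?? 'id';   // unknown values use the default column
    $stmt = $db->prepare(
        "SELECT id, amount FROM invoice WHERE customer_id = :uid ORDER BY $column");
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function invoiceEntries(PDO $db, int $userId, string $invoiceId): array
{
    // Issue 2 ("invoiceid"): accept digits only, then bind as a parameter.
    if (!ctype_digit($invoiceId)) {
        throw new InvalidArgumentException('invoiceid must be numeric');
    }
    // Issue 3: ownership is enforced in the query from the session's user id,
    // so another customer's invoice yields no rows.
    $stmt = $db->prepare(
        'SELECT e.description, e.price FROM invoice_entry e
           JOIN invoice i ON i.id = e.invoice_id
          WHERE i.id = :iid AND i.customer_id = :uid');
    $stmt->execute([':iid' => (int)$invoiceId, ':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Issue 1 ("name"): encode for the HTML context when echoing the value back.
function renderSearchedName(string $name): string
{
    return '<span>' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</span>';
}

// Constructed sample data: invoice 1 belongs to customer 10, invoice 2 to customer 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice (id INTEGER PRIMARY KEY, customer_id INTEGER, amount REAL, duedate TEXT)');
$db->exec('CREATE TABLE invoice_entry (invoice_id INTEGER, description TEXT, price REAL)');
$db->exec("INSERT INTO invoice VALUES (1, 10, 25.0, '2000-01-01'), (2, 20, 99.0, '2000-02-01')");
$db->exec("INSERT INTO invoice_entry VALUES (1, 'Hosting', 25.0), (2, 'Domain', 99.0)");

var_dump(invoiceList($db, 10, 'amount, (SELECT 1)')); // value not in the allow-list
var_dump(invoiceEntries($db, 10, '2'));               // customer 10 asks for customer 20's invoice
echo renderSearchedName('"><b>x</b>'), "\n";          // markup in the search term
```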