source: http://www.securityfocus.com/bid/38090/info Interspire Knowledge Manager is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Interspire Knowledge Manager 5.1.3 and prior versions are vulnerable. http://www.example.com/admin/de/colormenu.php?sp=f";[xss];a="
Related ExploitsTrying to match OSVDBs (1): 62283
Other Possible E-DB Search Terms: Interspire Knowledge Manager < 5.1.3, Interspire Knowledge Manager
|2010-02-03||Interspire Knowledge Manager 5 - 'callback.snipshot.php' Arbitrary File Creation||Cory Marsh|
|2009-09-29||Interspire Knowledge Manager 5 - 'p' Parameter Directory Traversal||Infected Web|