It is recommended to double-check the input data and its correctness before using it.

SACCO Open Source is prone to remote code execution via the 'download' parameter in the file /sacco_shield/download.php. Attackers might leverage this to install malicious code on the hosting server.

SACCO Open Source is prone to a cross-site scripting (XSS) vulnerability via the 'Click here' code in the file /sacco_shield/contact.php. Attackers might use this vulnerability to inject malicious code into the website's response. It is highly recommended to sanitize the 'Click here' parameter before using it in the code.

SACCO Open Source is prone to a remote code execution vulnerability via the 'repository_download' parameter in the file /sacco_shield/download.php. Attackers might leverage this to install malicious code on the hosting server.

SACCO Open Source is prone to a cross-site scripting (XSS) vulnerability via the 'referer' parameter in the file /sacco_shield/contact.php. Attackers might use this vulnerability to inject malicious code into the website's response. It is highly recommended to sanitize the 'referer' parameter before using it in the code.

SACCO Open Source is prone to SQL injection via /sacco_shield/manage_payment.php. It is recommended to filter the input data when it is received via this file.

SQL Injection

SACCO Open Source is prone to a remote code execution vulnerability via the 'action' parameter in the file /sacco_shield/manage_payment.php. Attackers might leverage this to install malicious code on the hosting server.

SACCO Open Source is prone to a cross-site scripting (XSS) vulnerability via the 'options' parameter in the file /sacco_shield/manage_payment.php. Attackers might use this vulnerability to inject malicious code into the website's response. It is highly recommended to sanitize the 'options' parameter before using it in the code.

SACCO Open Source SQL Injection Vulnerabilities

It is recommended to filter the input data when it is received via this file (/sacco_shield/manage_payment.php), as it might be vulnerable to SQL injection.

SACCO Open Source Is Vulnerable To:

Cross-site scripting vulnerability via the 'referer' parameter in the file /sacco_shield/contact.php
Remote code execution vulnerability via the 'repository_download' parameter in the file /sacco_shield/download.php
SQL injection vulnerability via the file /sacco_shield/manage_payment.php
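As an added example that is not part of this advisory, the following Python script applies the endpoint and parameter names listed above to web-server access-log lines and flags requests whose values carry path traversal, markup or SQL metacharacters. The indicator patterns, the Common Log Format parsing and the sample log lines are constructed assumptions, not details taken from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Endpoints and parameters named in the advisory, with the issue class reported for each.
WATCHLIST = {
    "/sacco_shield/download.php": {"download": "rce", "repository_download": "rce"},
    "/sacco_shield/contact.php": {"referer": "xss"},
    "/sacco_shield/manage_payment.php": {"action": "rce", "options": "xss"},
}
# Heuristic indicators per issue class (assumed for this example, not taken from the advisory).
INDICATORS = {
    "rce": re.compile(r"\.\./|://|\x00|\.ph(p|tml)\b", re.I),   # traversal, remote URL, PHP file
    "xss": re.compile(r"<\s*\w|javascript:|\bon\w+\s*=", re.I),   # tags, script URLs, event handlers
    "sqli": re.compile(r"'\s*(or|and)\b|union\s+select|--|/\*|;\s*drop\b|sleep\s*\(", re.I),
}
# Common Log Format: client ident user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')

def analyze_line(line):
    """Return (client, path, param, issue, value) tuples for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, _method, target, _status = m.groups()
    url = urlsplit(target)
    watched = WATCHLIST.get(url.path)
    if watched is None:
        return []                                   # not one of the advisory's endpoints
    query = parse_qs(url.query, keep_blank_values=True)   # percent-decodes each value once
    findings = [(client, url.path, name, issue, value)
                for name, issue in watched.items()
                for value in query.get(name, [])
                if INDICATORS[issue].search(value)]
    if url.path.endswith("/manage_payment.php"):
        # The advisory reports SQL injection for this file without naming a parameter: check all.
        findings += [(client, url.path, name, "sqli", value)
                     for name, values in query.items() for value in values
                     if INDICATORS["sqli"].search(value)]
    return findings

def scan(log_text):
    """Run analyze_line over a whole log and collect the findings in order."""
    return [f for line in log_text.splitlines() for f in analyze_line(line)]
# Constructed sample log using RFC 5737 documentation addresses; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Nov/2022:10:00:00 +0000] "GET /sacco_shield/download.php?download=statement.pdf HTTP/1.1" 200 512
203.0.113.5 - - [01/Nov/2022:10:00:02 +0000] "GET /sacco_shield/download.php?download=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024
198.51.100.7 - - [01/Nov/2022:10:01:10 +0000] "GET /sacco_shield/contact.php?referer=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2048
198.51.100.7 - - [01/Nov/2022:10:02:00 +0000] "GET /sacco_shield/manage_payment.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0
"""
```

Running `scan(SAMPLE_LOG)` yields three findings (the traversal in 'download', the markup in 'referer' and the quote-OR sequence in the unlisted 'id' parameter of manage_payment.php) while the benign first request is not flagged; the patterns are a triage aid, and each hit still needs the request body and server response checked.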

SACCO Open Source - Technical Overview

SACCO Open Source is designed for webmasters who want to run this software on their websites. The software can be installed on a standalone server or within the hosting server. It supports multiple languages, including English, French and Spanish.
The software includes an “Add-ons Manager” that lets you install extensions to enhance its functionality and provide additional support to your visitors.

Timeline

Published on: 10/17/2022 21:15:00 UTC
Last modified on: 10/19/2022 19:16:00 UTC
