Test ID:	1.3.6.1.4.1.25623.1.0.806065
Category:	Web application abuses
Title:	Mango Automation Multiple Vulnerabilities
Summary:	Mango Automation is prone to multiple vulnerabilities.
Description:	Summary: Mango Automation is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Mango Automation contains default configuration for debugging enabled in the '/WEB-INF./web.xml' file (debug=true). - Improper verification of uploaded image files in 'graphicalViewsBackgroundUpload' script via the 'backgroundImage' POST parameter. - Input sanitization error in '/sqlConsole.shtm' script. - Improper verification of provided credentials by 'login.htm' script. - The POST parameter 'c0-param0' in the testProcessCommand.dwr method is not properly sanitised before being used to execute commands. Vulnerability Impact: Successful exploitation will allow a remote attacker to gain extra privileges, to gain access to sensitive information, to inject and execute arbitrary os commands, execute arbitrary script code in a users browser session, to execute arbitrary SQL commands with administrative privileges. Affected Software/OS: Mango Automation versions 2.5.2 and 2.6.0 beta (build 327). Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.