BUG #4027
[SQA] Missing validation and security vulnerabilities in About Us → Parts Inquiry form
Status
open
100%
Description
The About Us → Parts Inquiry form lacks proper input validation, which exposes it to serious security vulnerabilities such as DDoS attacks, XSS, HTML injection, and malicious PHP file uploads. Additionally, injected input payloads are rendered directly, without sanitization, in the email output, increasing the security risk.
Module / Page
About Us
Module Section
Parts Inquiry Form
Screen Size
All Devices
Tested By
Aman Bhuiyan
Steps to Reproduce
- Navigate to About Us → Parts Inquiry page.
- Enter malicious payloads (HTML/JS) in input fields.
- Upload unsupported or malicious file types (e.g., PHP files).
- Submit the form.
- Observe the email output and system behavior.
Expected Result
The form should have proper input validation, file type restrictions, and file size limitations.
Malicious payloads should be sanitized and never rendered in email outputs.
Actual Result
The form accepts malicious inputs and unsupported files, and injected payloads are rendered in the email output.
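As an added illustration of the expected behaviour (not code from the site under test), the following Python sketch shows the server-side checks the Expected Result asks for: per-field length limits, an upload allowlist with size and content checks, and escaping of every value before it is placed in the email body. Field names, limits and allowed file types are assumptions.

```python
import html
import re
from dataclasses import dataclass, field

# Assumed form fields and limits for the Parts Inquiry form (not the site's real values).
MAX_FIELD_LEN = {"name": 100, "email": 254, "part_number": 64, "message": 2000}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024            # assumed 5 MiB cap
ALLOWED_UPLOADS = {                            # extension -> leading bytes the file must start with
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

@dataclass
class Result:
    ok: bool
    errors: list = field(default_factory=list)
    email_body: str = ""

def validate_upload(filename: str, content: bytes) -> list:
    """Reject uploads by size, extension allowlist and content sniffing, not by name alone."""
    errors = []
    if len(content) > MAX_UPLOAD_BYTES:
        errors.append("file too large")
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED_UPLOADS or len(parts) != 2:
        # Rejects .php outright and double extensions such as shell.php.jpg
        errors.append("unsupported file type")
    elif not content.startswith(ALLOWED_UPLOADS[ext]):
        errors.append("file content does not match its extension")
    return errors

def process_inquiry(fields: dict, filename: str = "", content: bytes = b"") -> Result:
    errors = []
    for key, limit in MAX_FIELD_LEN.items():
        value = fields.get(key, "")
        if not value.strip():
            errors.append(f"{key} is required")
        elif len(value) > limit:
            errors.append(f"{key} exceeds {limit} characters")
    if fields.get("email") and not EMAIL_RE.match(fields["email"]):
        errors.append("email is not valid")
    if filename:
        errors.extend(validate_upload(filename, content))
    if errors:
        return Result(False, errors)
    # HTML-escape every user-supplied value before it goes into the email body.
    body = "".join(f"<p><b>{k}:</b> {html.escape(fields[k])}</p>" for k in MAX_FIELD_LEN)
    return Result(True, [], body)
```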
Attachments
Proof of Concept
Types of Issue
Security / Validation Issue
Root Cause:
Impacted Area: