TUTOS Multiple Input Validation Vulnerabilities
BID:10129
Info
TUTOS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 10129 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2004 12:00AM |
| Updated: | Apr 13 2004 12:00AM |
| Credit: | Discovery is credited to Francois SORIN <[email protected]>. |
| Vulnerable: |
Tutos Tutos 1.1 .20031017 |
| Not Vulnerable: |
Tutos Tutos 1.1 .20040412 |
Discussion
TUTOS Multiple Input Validation Vulnerabilities
Multiple vulnerabilities have been identified in various modules of TUTOS. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, and possibly SQL injection.
Multiple vulnerabilities have been identified in various modules of TUTOS. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, and possibly SQL injection.
Exploit / POC
TUTOS Multiple Input Validation Vulnerabilities
The following proof of concept has been provided:
http://www.example.com/php/note/note_overview.php?id=1
The following proof of concept has been provided:
http://www.example.com/php/note/note_overview.php?id=1
Solution / Fix
TUTOS Multiple Input Validation Vulnerabilities
Solution:
The vendor has released TUTOS 1.1.20040412 to address these issues.
Tutos Tutos 1.1 .20031017
Solution:
The vendor has released TUTOS 1.1.20040412 to address these issues.
Tutos Tutos 1.1 .20031017
-
TUTOS tutos-php-1.1.20040412.tar.bz2
http://download.sourceforge.net/tutos/tutos-php-1.1.20040412.tar.bz2