eXpandable Home Page CMS Multiple Access Validation Vulnerabilities

Bugtraq ID:	17209
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 23 2006 12:00AM
Updated:	Mar 27 2006 07:09PM
Credit:	rgod is credited with the discovery of this vulnerability.
Vulnerable:	eXpandable Home Page eXpandable Home Page 0.5
Not Vulnerable:	eXpandable Home Page eXpandable Home Page 0.5.1

eXpandable Home Page CMS Multiple Access Validation Vulnerabilities

eXpandable Home Page CMS is prone to multiple access-validation vulnerabilities. These issues are due to a failure in the application to limit access to administrative sections of the application.

A successful exploit may allow an attacker to access potentially sensitive information and to execute arbitrary PHP code in the context of the webserver process.

This issue is reported to affect XHP CMS version 0.5; other versions may also be vulnerable.

eXpandable Home Page CMS Multiple Access Validation Vulnerabilities


This issue can be exploited via a web client.

Exploit code has been provided.

• /data/vulnerabilities/exploits/xhp-cms-exploit.php

eXpandable Home Page CMS Multiple Access Validation Vulnerabilities

Solution:
The vendor has released version 0.5.1 to address this issue.


eXpandable Home Page eXpandable Home Page 0.5

• eXpandable Home Page xhp_0_5_1.tar.gz
  http://prdownloads.sourceforge.net/xhp/xhp_0_5_1.tar.gz

eXpandable Home Page CMS Multiple Access Validation Vulnerabilities

References: