Unak CMS Multiple Input Validation Vulnerabilities
BID:18253
CVE-2006-2800 | CVE-2006-2801 |Info
Unak CMS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 18253 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 02 2006 12:00AM |
| Updated: | Jun 05 2006 06:27PM |
| Credit: | r0t is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Unak UNAK-CMS 1.5 RC1 |
| Not Vulnerable: | |
Discussion
Unak CMS Multiple Input Validation Vulnerabilities
Unak CMS is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Unak CMS versions 1.5 RC2 and earlier are vulnerable to these issues.
Unak CMS is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Unak CMS versions 1.5 RC2 and earlier are vulnerable to these issues.
Exploit / POC
Unak CMS Multiple Input Validation Vulnerabilities
These issues can be exploited through a web client.
These issues can be exploited through a web client.
Solution / Fix
Unak CMS Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Unak CMS Multiple Input Validation Vulnerabilities
References:
References:
- Unak CMS vuln. (r0t)
- UNAK-CMS Homepage (UNAK)