Etomite CMS Multiple Input Validation Vulnerabilities
BID:21135
Info
| Bugtraq ID: | 21135 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 12 2006 12:00AM |
| Updated: | Nov 21 2006 10:40PM |
| Credit: | Alfredo Pesoli is credited with the discovery of these vulnerabilities. |
| Vulnerable: | etomite Etomite CMS 0.6.1.2 |
| Not Vulnerable: | |
Discussion
Etomite CMS is prone to multiple input-validation vulnerabilities, including a local file-include vulnerability and an SQL-injection issue, because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database implementations, or execute local scripts on the affected webserver.
Version 0.6.1.2 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues via a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
NOTE: The vendor released a partial fix that addresses the local file-include vulnerability. Please contact the vendor for more information.