Dev4U CMS Index.PHP Multiple Input Validation Vulnerabilities

Bugtraq ID:	21170
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 18 2006 12:00AM
Updated:	Nov 22 2006 09:20PM
Credit:	David Vieira-Kurz is credited with the discovery of this vulnerability.
Vulnerable:	dev4u dev4u 0
Not Vulnerable:

Dev4U CMS Index.PHP Multiple Input Validation Vulnerabilities

The dev4u CMS program is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Dev4U CMS Index.PHP Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a web client.

Dev4U CMS Index.PHP Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Dev4U CMS Index.PHP Multiple Input Validation Vulnerabilities

References:

• Vendor Homepage (dev4u)
  
• dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues (David Vieira-Kurz)