Kubix CMS Multiple Input Validation Vulnerabilities
BID:21352
Info
Kubix CMS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 21352 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-7117 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | BlackHawk is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Kubix Kubix 0.7 |
| Not Vulnerable: | |
Discussion
Kubix CMS Multiple Input Validation Vulnerabilities
Kubix CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application, and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
Kubix CMS 0.7 and prior versions are vulnerable.
Kubix CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application, and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
Kubix CMS 0.7 and prior versions are vulnerable.
Exploit / POC
Kubix CMS Multiple Input Validation Vulnerabilities
An attacker can exploit these issues via a web client.
Sample exploit code has been provided:
An attacker can exploit these issues via a web client.
Sample exploit code has been provided:
Solution / Fix
Kubix CMS Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].