Fix And Chip CMS Multiple Input Validation Vulnerabilities
BID:21909
Info
| Bugtraq ID: | 21909 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 06 2007 12:00AM |
| Updated: | Jan 08 2007 06:10PM |
| Credit: | luny is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Fix and Chip Fix and Chip CMS 1.0 |
| Not Vulnerable: | |
Discussion
Fix and Chip CMS is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and a cross-site scripting issue.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or steal cookie-based authentication credentials. Other attacks are also possible.
Version 1.0 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
To exploit the HTML-injection vulnerabilities, an attacker can use a web client.
To exploit the cross-site scripting vulnerability, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Fix & Chips CMS v1.0 ([email protected])
- Fix and Chip CMS Homepage (Fix and Chip)