Connectix Board Multiple Input Validation Vulnerabilities
BID:22656
Info
| Bugtraq ID: | 22656 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-4838 CVE-2006-4836 CVE-2006-4837 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2007 12:00AM |
| Updated: | Feb 22 2007 08:36PM |
| Credit: | DarkFig is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Connectix Connectix Board 0.7 |
| Not Vulnerable: | |
Discussion
Connectix is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, exploit vulnerabilities in the underlying database implementation, and upload and execute arbitrary files within the context of the webserver.
These issues affect version 0.7; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a web client.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Connectix Boards Homepage (Connectix)