MTCMS Multiple Input Validation Vulnerabilities
BID:22690
Info
| Bugtraq ID: | 22690 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1129 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Laurent Gaffié is credited with the discovery of these vulnerabilities. |
| Vulnerable: | MTCMS MTCMS 2.2 |
| Not Vulnerable: | |
Discussion
MTCMS is prone to multiple input-validation issues, including two arbitrary-file-upload vulnerabilities and two HTML-injection vulnerabilities.
Attackers can exploit these issues to execute arbitrary HTML or script code in the context of the webserver process.
Exploiting these issues may allow attackers to compromise the application and the underlying system or to steal cookie-based authentication credentials; other attacks are also possible.
Exploit / POC
Attackers can exploit these issues via a web client.
Solution / Fix
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- MTCMS Homepage (MTCMS)
- MTCMS multiple upload vulnerabilities (Laurent Gaffié)