E-Vision CMS Multiple Input Validation Vulnerabilities
BID:24398
Info
E-Vision CMS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 24398 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3251 CVE-2007-3214 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 09 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | Silentz is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Evision Evision CMS 2.02 |
| Not Vulnerable: | |
Discussion
E-Vision CMS Multiple Input Validation Vulnerabilities
E-Vision CMS is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include an SQL-injection vulnerability, an information-disclosure issue, and a local file-include vulnerability.
Exploiting these issues may allow an attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
E-Vision CMS 2.02 is reported vulnerable to these issues.
E-Vision CMS is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include an SQL-injection vulnerability, an information-disclosure issue, and a local file-include vulnerability.
Exploiting these issues may allow an attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
E-Vision CMS 2.02 is reported vulnerable to these issues.
Exploit / POC
E-Vision CMS Multiple Input Validation Vulnerabilities
Attackers can use a browser to exploit these issues.
The following exploit code is available:
Attackers can use a browser to exploit these issues.
The following exploit code is available:
Solution / Fix
E-Vision CMS Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
E-Vision CMS Multiple Input Validation Vulnerabilities
References:
References:
- e-Vision CMS Home Page (e-Vision)