Triton CMS Pro 'X-Forwarded-For' Header SQL Injection Vulnerability

Bugtraq ID:	30122
Class:	Input Validation Error
CVE:	CVE-2008-3153
Remote:	Yes
Local:	No
Published:	Jul 07 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	__GiReX__
Vulnerable:	Triton CMS Triton CMS Pro 1.06
Not Vulnerable:

Triton CMS Pro 'X-Forwarded-For' Header SQL Injection Vulnerability

Triton CMS Pro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Triton CMS Pro 1.06 is vulnerable; prior versions may also be affected.

Triton CMS Pro 'X-Forwarded-For' Header SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following exploit code is available:

• /data/vulnerabilities/exploits/30122.pl

Triton CMS Pro 'X-Forwarded-For' Header SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Triton CMS Pro 'X-Forwarded-For' Header SQL Injection Vulnerability

References:

• Triton CMS Homepage (Triton CMS)