fuzzylime (cms) 'polladd.php' Arbitrary Script Injection Vulnerability

Bugtraq ID:	30200
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 12 2008 12:00AM
Updated:	Jul 14 2008 11:39PM
Credit:	Inphex and real
Vulnerable:
Not Vulnerable:

fuzzylime (cms) 'polladd.php' Arbitrary Script Injection Vulnerability

'fuzzylime (cms)' is prone to a vulnerability that allows attackers to execute arbitrary script code because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

'fuzzylime (cms)' 3.01 is vulnerable; other versions may also be affected.

fuzzylime (cms) 'polladd.php' Arbitrary Script Injection Vulnerability

Attackers can exploit this issue via a browser.

The following exploit code is available:

• /data/vulnerabilities/exploits/30200.php
• /data/vulnerabilities/exploits/30200.pl

fuzzylime (cms) 'polladd.php' Arbitrary Script Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

fuzzylime (cms) 'polladd.php' Arbitrary Script Injection Vulnerability

References:

• fuzzylime cms Homepage (fuzzylime cms)