fuzzylime (cms) Arbitrary Script Injection and Local File Include Vulnerabilities
BID:30213
Info
| Bugtraq ID: | 30213 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6833 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 13 2008 12:00AM |
| Updated: | Jun 30 2009 10:19PM |
| Credit: | real |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
'fuzzylime (cms)' is prone to an arbitrary-script-injection vulnerability and a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit the arbitrary-script-injection issue to execute arbitrary script code in the context of the web server. Successful exploits can compromise the application.
An attacker can also exploit the local file-include issue to execute arbitrary local script code and obtain sensitive information that may aid in further attacks.
These issues affect fuzzylime (cms) 3.01; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue via a browser.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- fuzzylime cms Homepage (fuzzylime cms)