RETIRED: TGS Content Management Arbitrary Script Injection Vulnerability
BID:30528
Info
RETIRED: TGS Content Management Arbitrary Script Injection Vulnerability
| Bugtraq ID: | 30528 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 03 2008 12:00AM |
| Updated: | Aug 12 2008 04:36PM |
| Credit: | 0in |
| Vulnerable: |
TGS Content Management TGS Content Management 0.3.2r2 |
| Not Vulnerable: | |
Discussion
RETIRED: TGS Content Management Arbitrary Script Injection Vulnerability
TGS Content Management is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.
This issue affects TGS Content Management 0.3.2r2; other versions may also be affected.
This BID is being retired as the vulnerability can not be exploited as described.
TGS Content Management is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.
This issue affects TGS Content Management 0.3.2r2; other versions may also be affected.
This BID is being retired as the vulnerability can not be exploited as described.
Exploit / POC
RETIRED: TGS Content Management Arbitrary Script Injection Vulnerability
Attackers can exploit this issue via a browser.
The following exploit code is available:
Attackers can exploit this issue via a browser.
The following exploit code is available:
Solution / Fix
RETIRED: TGS Content Management Arbitrary Script Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RETIRED: TGS Content Management Arbitrary Script Injection Vulnerability
References:
References:
- TGS Content Management Homepage (TGS Content Management)
- Re: TGS CMS Remote Code Execution Exploit (lcat
- TGS CMS Remote Code Execution Exploit ([email protected])