devalcms Multiple Input Validation Vulnerabilities
BID:31037
Info
devalcms Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 31037 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-6983 CVE-2008-6982 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 05 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | IRCRASH |
| Vulnerable: |
Devalcms Devalcms 1.4a |
| Not Vulnerable: | |
Discussion
devalcms Multiple Input Validation Vulnerabilities
The 'devalcms' program is prone to multiple input-validation vulnerabilities, including:
- A cross-site scripting vulnerability
- A remote code-execution vulnerability
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The 'devalcms' program is prone to multiple input-validation vulnerabilities, including:
- A cross-site scripting vulnerability
- A remote code-execution vulnerability
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
devalcms Multiple Input Validation Vulnerabilities
Attackers can exploit these issues through a browser. To exploit the cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.
The following exploit code is available:
Attackers can exploit these issues through a browser. To exploit the cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.
The following exploit code is available:
Solution / Fix
devalcms Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].