TomatoCMS SQL Injection Vulnerability and Multiple HTML Injection Vulnerabilities
BID:40108
Info
TomatoCMS SQL Injection Vulnerability and Multiple HTML Injection Vulnerabilities
| Bugtraq ID: | 40108 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1996 CVE-2010-1994 CVE-2010-1995 |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | Russ McRee, HolisticInfoSec via Secunia; Secunia Research |
| Vulnerable: |
TIG TomatoCMS 2.0.6 TIG TomatoCMS 2.0.5 TIG TomatoCMS 2.0.4 |
| Not Vulnerable: | |
Discussion
TomatoCMS SQL Injection Vulnerability and Multiple HTML Injection Vulnerabilities
TomatoCMS is prone to a SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database or to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
TomatoCMS 2.0.6 and prior are vulnerable.
TomatoCMS is prone to a SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database or to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
TomatoCMS 2.0.6 and prior are vulnerable.
Exploit / POC
TomatoCMS SQL Injection Vulnerability and Multiple HTML Injection Vulnerabilities
Attackers can exploit these issues via a browser.
The following example URI is available:
http://www.example.com/news/search?q=sdf%22+ANY_SQL_HERE
Attackers can exploit these issues via a browser.
The following example URI is available:
http://www.example.com/news/search?q=sdf%22+ANY_SQL_HERE
Solution / Fix
TomatoCMS SQL Injection Vulnerability and Multiple HTML Injection Vulnerabilities
Solution:
Reports indicate that TomatoCMS 2.0.5 did not properly address all of these issues. Please see the references for details.
Solution:
Reports indicate that TomatoCMS 2.0.5 did not properly address all of these issues. Please see the references for details.
References
TomatoCMS SQL Injection Vulnerability and Multiple HTML Injection Vulnerabilities
References:
References:
- SQL injection vulnerability in TomatoCMS (High-Tech Bridge SA)
- TomatoCMS - Homepage (TIG)
- Secunia Research: TomatoCMS Script Insertion Vulnerabilities (Secunia Research
) - SQL injection vulnerability in TomatoCMS ([email protected])