CMSQlite SQL Injection and Local File Include Vulnerabilities
BID:40195
Info
CMSQlite SQL Injection and Local File Include Vulnerabilities
| Bugtraq ID: | 40195 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2010 12:00AM |
| Updated: | May 15 2010 12:00AM |
| Credit: | Stefan Esser |
| Vulnerable: |
Christoph von Both CMSQlite 1.2 |
| Not Vulnerable: | |
Discussion
CMSQlite SQL Injection and Local File Include Vulnerabilities
CMSQlite is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; by using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
CMSQlite 1.2 is vulnerable; other versions may also be affected.
CMSQlite is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; by using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
CMSQlite 1.2 is vulnerable; other versions may also be affected.
Solution / Fix
CMSQlite SQL Injection and Local File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
CMSQlite SQL Injection and Local File Include Vulnerabilities
References:
References:
- CMSQlite Homepage (CMSQLite)
- MOPS-2010-029: CMSQlite c Parameter SQL Injection Vulnerability (Stefan Esser)
- MOPS-2010-030: CMSQlite mod Parameter Local File Inclusion Vulnerability (Stefan Esser)