V-CMS Multiple Cross Site Scripting Arbitrary File Upload and SQL Injection Vulnerabilities
BID:50706
Info
V-CMS Multiple Cross Site Scripting Arbitrary File Upload and SQL Injection Vulnerabilities
| Bugtraq ID: | 50706 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-4826 CVE-2011-4827 CVE-2011-4828 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2011 12:00AM |
| Updated: | Apr 16 2012 08:00AM |
| Credit: | AutoSec Tools |
| Vulnerable: |
V-CMS V-CMS 1.0 |
| Not Vulnerable: | |
Discussion
V-CMS Multiple Cross Site Scripting Arbitrary File Upload and SQL Injection Vulnerabilities
V-CMS is prone to multiple cross-site scripting vulnerabilities, an arbitrary file upload vulnerability, and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
V-CMS 1.0 is vulnerable; other version may also be affected.
V-CMS is prone to multiple cross-site scripting vulnerabilities, an arbitrary file upload vulnerability, and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
V-CMS 1.0 is vulnerable; other version may also be affected.
Exploit / POC
V-CMS Multiple Cross Site Scripting Arbitrary File Upload and SQL Injection Vulnerabilities
An attacker can exploit some of these issues through a browser. To exploit a cross-site scripting vulnerability the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URLs are available for the cross-site scripting vulnerabilities:
http://www.example.com/v-cms/redirect.php?p=[XSS]
http://www.example.com/v-cms/includes/TrueColorPicker/index.php?preload=&df=&box=[XSS]
The following exploit is available:
An attacker can exploit some of these issues through a browser. To exploit a cross-site scripting vulnerability the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URLs are available for the cross-site scripting vulnerabilities:
http://www.example.com/v-cms/redirect.php?p=[XSS]
http://www.example.com/v-cms/includes/TrueColorPicker/index.php?preload=&df=&box=[XSS]
The following exploit is available:
Solution / Fix
V-CMS Multiple Cross Site Scripting Arbitrary File Upload and SQL Injection Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
V-CMS Multiple Cross Site Scripting Arbitrary File Upload and SQL Injection Vulnerabilities
References:
References:
- V-CMS Homepage (V-CMS)
- V-CMS 1.0 Arbitrary File Upload (AutoSec Tools)
- V-CMS 1.0 Cross Site Scripting (AutoSec Tools)
- V-CMS 1.0 SQl-Injection (AutoSec Tools)