Travelon Express CMS Multiple Remote Vulnerabilities
BID:53500
Info
| Bugtraq ID: | 53500 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-4281 CVE-2012-2938 CVE-2012-2939 |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | the_storm |
| Vulnerable: | ITechScripts Travelon Express 6.2.2 |
| Not Vulnerable: | |
Discussion
Travelon Express CMS is prone to multiple remote vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Travelon Express CMS 6.2.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit some of these issues through a browser.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Travelon Express CMS (ITechScripts)