Slash CMS Multiple Input Validation Vulnerabilities

Bugtraq ID:	58667
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 21 2013 12:00AM
Updated:	Mar 21 2013 12:00AM
Credit:	DaOne aka Mocking Bird
Vulnerable:	Slash CMS Slash CMS 0
Not Vulnerable:

Slash CMS Multiple Input Validation Vulnerabilities

Slash CMS is prone to the following input-validation vulnerabilities:

1. An arbitrary file-upload vulnerability
2. An SQL-injection vulnerability
3. A cross-site scripting vulnerability

Exploiting these issues could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Slash CMS Multiple Input Validation Vulnerabilities

An attacker can exploit these issues through a browser. To exploit a cross-site scripting vulnerability the attacker must entice an unsuspecting victim to follow a malicious URI.

The following example data is available:

• /data/vulnerabilities/exploits/58667.txt

Slash CMS Multiple Input Validation Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Slash CMS Multiple Input Validation Vulnerabilities

References:

• Slash CMS Home Page (Slash CMS)