CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

Bugtraq ID:	59059
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 14 2013 12:00AM
Updated:	Feb 14 2013 12:00AM
Credit:	Gjoko Krstic 'LiquidWorm'
Vulnerable:
Not Vulnerable:

CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

CMSLogik is prone to an arbitrary file-upload vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker could exploit these issues to execute arbitrary script code in a user's browser in the context of the affected site or to execute arbitrary code on the server.

CMSLogik 1.2.0 and 1.2.1 are vulnerable.

CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

An attacker can exploit these issues through a browser.

The following example code and URIs are available:

• /data/vulnerabilities/exploits/59059_1.py
• /data/vulnerabilities/exploits/59059_2.txt

CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

References: