header-logo
Suggest Exploit
vendor:
exJune Office Message System
by:
ByALBAYX
8,8
CVSS
HIGH
SQL Injection, Cross-Site Scripting
89, 79
CWE
Product Name: exJune Office Message System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: CVE-2009-2090
CPE: cpe:a:exjune:exjune_office_message_system:1.0
Metasploit: https://www.rapid7.com/db/vulnerabilities/ibm-was-cve-2009-2090/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0602/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

exJune Office Message System v1 – Multiple Vulnerabilities

exJune Office Message System v1 is prone to multiple vulnerabilities, including SQL injection and cross-site scripting. An attacker can exploit these issues to manipulate SQL queries, steal cookie-based authentication credentials, control how the site is rendered to the user, and potentially compromise the application and the underlying computer.

Mitigation:

Upgrade to the latest version of exJune Office Message System v1.
Source

Exploit-DB raw data:

@~~=======================================~~@
====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG=====
@~~=======================================~~@
@~~=Author   : ByALBAYX

@~~=Website  : WWW.C4TEAM.ORG
@~~===============TURKISH=================~~@

@~~=======================================~~@
@~~=Script   : exJune Office Message System v1

@~~=S.Site   : http://exjune.com

@~~=Demo     : http://exjune.com/products/messages/index.asp
@~~=======================================~~@
@~~=Vul :

@~~=http://c4team.org/ [Path] /configure.asp

@~~=http://c4team.org/ [Path] /addmessage2.asp?id=179

Vs.. 

@~~=======================================~~@

@~~=:/

# milw0rm.com [2009-05-20]

Navigation

Suggest Exploit

Services By CQR