Vendor: eCMS
By: SecurityFocus
CVSS: 7.5 (HIGH)
Security Bypass and SQL Injection
CWE: 89, 564
Product Name: eCMS
Affected Version From: 2000.4.2
Affected Version To: 2000.4.2
Patch Exists: YES
Related CWE: N/A
CPE: ecms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
eCMS Multiple Security Vulnerabilities
eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue. Exploiting these issues may allow an attacker to bypass certain security restrictions and gain unauthorized access to the application. The attacker can also exploit the SQL-injection issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This will compromise the application and may aid in further attacks.
Mitigation:
Ensure that all user-supplied input is validated, filtered, properly escaped and properly sanitized before being used in SQL queries.