Vendor: Huron CMS
By: mat
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Huron CMS
Affected Version From: 8 11 2007
Affected Version To: 8 11 2007
Patch Exists: NO
Related CWE: N/A
CPE: a:huroncms:huron_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007

Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability

An authentication bypass vulnerability exists in Huron CMS 8 11 2007 because the application does not properly sanitize user-supplied input to the 'usr' and 'pas' parameters of the 'index.php' script before using it in an SQL statement. An attacker can exploit this by supplying specially crafted input containing an SQL statement that, when executed, bypasses authentication and gives access to the application.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to modify the application’s logic. All input should be validated and filtered before being used in SQL statements.
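
A hardened form of the login query shown in the Exploit-DB raw data on this page, as an added example that is not Huron CMS code or a vendor patch. The table and column names come from the page; the in-memory SQLite database, the sample account and the function name check_login() are assumptions made so the example runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database (the page uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Administrador (user TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account; a password hash is stored, never the plaintext.
$ins = $db->prepare('INSERT INTO Administrador (user, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Hypothetical replacement for the concatenated query in index.php.
function check_login(PDO $db, mixed $usr, mixed $pas): bool
{
    // Reject missing or non-string fields (e.g. usr[]=x) before touching the database.
    if (!is_string($usr) || !is_string($pas) || $usr === '' || strlen($usr) > 64) {
        return false;
    }
    // Bound parameter: $usr travels as data and cannot alter the statement text.
    $stmt = $db->prepare('SELECT password FROM Administrador WHERE user = :usr');
    $stmt->execute([':usr' => $usr]);
    $hash = $stmt->fetchColumn();
    // The password is compared in PHP against the stored hash and never enters SQL.
    return is_string($hash) && password_verify($pas, $hash);
}

// Valid credentials, the input quoted on this page, and a non-string field.
var_dump(check_login($db, 'admin', 'constructed-sample-pw'));
var_dump(check_login($db, "'or 1=1/*", "'or 1=1/*"));
var_dump(check_login($db, ['x'], 'y'));
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so that placeholders are bound by the server rather than interpolated client-side.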

Exploit-DB raw data:

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability
Script: http://huroncms.googlecode.com/files/Huron_28_11_2007.zip
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

//------------------------------------------------------------------+
<?
	$consulta = "select user from Administrador where user='".$_POST['usr']."' AND password='".$_POST['pas']."'";
	$resultado=mysql_query($consulta,$link);
	$i=0;
	while($row = mysql_fetch_array($resultado)) 
	{
		$i++;
	}
	if($i>0){
?>
//------------------------------------------------------------------+

http://[target]/[path]/index.php

Put as username and password: 'or 1=1/*
You will log in as admin

Greetings: All Hackerz