vendor: Mercury CMS
by:
CVSS: 7.5 (HIGH)
CWE: 20 (Input Validation)
Product Name: Mercury CMS
Affected Version From: 4
Affected Version To: 4
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple input validation vulnerabilities in Mercury CMS
The vulnerabilities in Mercury CMS are due to a failure to properly sanitize user-supplied input. Successful exploitation could lead to compromise of the application, disclosure or modification of data, theft of authentication credentials, and other attacks. The vulnerabilities include SQL injection and cross-site scripting (XSS).
Mitigation:
To mitigate these vulnerabilities, implement proper input validation and sanitization mechanisms in the application's code. Validate and filter input before it is used in database queries or rendered in web pages. Additionally, prepared statements or parameterized queries can help prevent SQL injection attacks.