Vendor: OTSCMS
By: GregStar (gregstar[at]c4f.pl)
CVSS: 7.5 (HIGH)
SQL Injection / XSS
CWE: 89
Product Name: OTSCMS
Affected Version From: OTSCMS 2.1.5
Affected Version To: OTSCMS 2.1.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
OTSCMS 2.1.5 SQL Injection / XSS
This exploit allows an attacker to perform SQL injection and cross-site scripting (XSS) attacks on OTSCMS version 2.1.5. The vulnerability exists in the 'reply.php' file in the 'mod/PM' directory, specifically in lines 22-26. An attacker can exploit the SQL injection vulnerability by manipulating the 'id' parameter in the 'priv.php' file, allowing them to retrieve sensitive information from the database. The XSS vulnerability can be exploited by injecting malicious JavaScript code into the 'name' parameter in the 'forum.php' file.
Mitigation:
To mitigate the SQL injection vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries. To mitigate the XSS vulnerability, input validation and output encoding should be implemented.
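Both mitigations sketched in PHP, as an added illustration that is not OTSCMS code and not part of the original advisory. The table `pm_messages`, its columns and the function names are hypothetical, and an in-memory SQLite database (requires `pdo_sqlite`) stands in for the real backend.

```php
<?php
declare(strict_types=1);
// Added illustration, not OTSCMS code: table, column and function names are hypothetical.

// Constructed sample data in an in-memory SQLite database.
function sampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pm_messages (id INTEGER PRIMARY KEY, body TEXT)');
    $db->exec("INSERT INTO pm_messages VALUES (1, 'hello'), (2, 'private')");
    return $db;
}

// 'id' handling: reject anything that is not a positive integer, then bind it
// as a typed parameter so the value never becomes part of the SQL text.
function fetchMessage(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed id: no query is issued at all
    }
    $stmt = $db->prepare('SELECT id, body FROM pm_messages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 'name' handling: encode at output time for the HTML context it is written
// into, so markup characters in the value are rendered as text.
function renderName(string $rawName): string
{
    $safe = htmlspecialchars($rawName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="name">' . $safe . '</span>';
}

$db = sampleDb();
// Constructed inputs: a well-formed id, then an id carrying extra SQL text.
var_dump(fetchMessage($db, '1'));
var_dump(fetchMessage($db, '1 OR 1=1'));
// Constructed input: a name containing markup.
echo renderName('<script>alert(1)</script>'), PHP_EOL;
```

Validation alone is not the control here: the bound parameter is what keeps the query structure fixed, and the encoding step has to match the output context (HTML body text in this sketch).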