vendor:
razorCMS
by:
SecurityFocus
7.5
CVSS
HIGH
Local Information Disclosure, Local Access Validation, Security Bypass, and Cross-Site Scripting
200, 264, 352, 79
CWE
Product Name: razorCMS
Affected Version From: 0.3RC2
Affected Version To: 0.3RC2
Patch Exists: YES
Related CWE: N/A
CPE: a:razorcms:razorcms
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
razorCMS Multiple Vulnerabilities
razorCMS is prone to a local information-disclosure vulnerability, a local access-validation vulnerability, a security-bypass vulnerability, and multiple cross-site-scripting vulnerabilities. Attackers can exploit these issues to gain access to sensitive information, create denial-of-service conditions, gain elevated privileges, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Successful exploits may aid in further attacks.
Mitigation:
Upgrade to the latest version of razorCMS, and apply all security patches provided by the vendor.