RedCMS Multiple Input-Validation Vulnerabilities

vendor:

RedCMS

by:

SecurityFocus

8.8

CVSS

HIGH

HTML-injection and SQL-injection

79, 89

CWE

Product Name: RedCMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

RedCMS Multiple Input-Validation Vulnerabilities

RedCMS is prone to multiple input-validation vulnerabilities due to a failure in the application to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17336/info

RedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 

The application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/redcms/profile.php? id=99'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10, 11,12,13,14, 15,161,7,18, 19,20/*