CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities

theusgovernm

 

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities


 

Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 5.01 3.12

Advisory Publication: February 27, 2015

Latest Update: May 05, 2015

Vulnerability Type: Information Leak / Disclosure [CWE-200]

CVE Reference: CVE-2015-2214

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information

Credit and Writer: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 
 
 

Consultation Details:


 

(1) Vendor & Product Description:

Vendor:

NetCat


 

Product & Version:

NetCat

5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1


 

Vendor URL & Download:

NetCat can be accessed from here,

http://netcat.ru/


 

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section.”


“Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000.”


“We give a discount on any edition NetCat

We try to help our partners to enter into a close-knit team. To reduce your expenses on the development of a new system, we provide special conditions for the acquisition of commercial licenses NetCat, for a partner is assigned a permanent discount of 40%, which according to the results of further sales could be increased to 60%.”


“Teach your developers work with the secrets NetCat

In addition to the detailed documentation and video tutorials to new partners we offer a unique free service – direct contact with the developer from the team NetCat, which will help in the development of product development tools.”


“We give customers

Once you develop the three sites NetCat information about you appear in our ranking developers. This means that you not only begin to receive direct requests from clients but also become a member of tenders conducted by customers. In addition, if the partner is really good work, employees NetCat begin recommending it to clients requesting assistance in the choice of contractor.”


“We will help in the promotion of

The company is a regular participant NetCat large number of forums, seminars and conferences. We are happy to organize together with partners involved, help with advertising materials and share information for the report.”


“Confirmed its status in the eyes of customers

We have a very flexible system of certification of partners: we do not give certificates for the sale of licenses and for the developed sites. So, for example, to obtain a certificate “Development of corporate websites’ to add to your personal account three implementation of the appropriate type.”

 
 

(2) Vulnerability Details:

NetCat web application has a computer security bug problem. It can be exploited by information leakage attacks – Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Netcat has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to important vulnerabilities.

 

(2.1) The first programming code flaw occurs at “&redirect_url” parameter in “netshop/post.php?” page.

 
 
 
 
 

References:

http://tetraph.com/security/full-path-disclosure-vulnerability/netcat-cms-full-path-disclosure-information-disclosure-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/02/netcat-cms-full-path-disclosure.html

http://seclists.org/fulldisclosure/2015/Mar/8

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01740.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1645

http://lists.openwall.net/full-disclosure/2015/03/02/6

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142527117510514&w=2

http://marc.info/?l=full-disclosure&m=142527117510514&w=4

https://itinfotechnology.wordpress.com/2015/02/25/netcat-cms-full-path-disclosure-information-disclosure-security-vulnerabilities/

http://www.tetraph.com/blog/information-leakage-vulnerability/cve-2015-2214-netcat-cms-full-path-disclosure-information-disclosure-web-security-vulnerabilities/

http://essayjeans.blog.163.com/blog/static/2371730742015411113047382/

http://www.weibo.com/1644370627/ChjMoA9hD?type=comment#_rnd1431315096193

http://homehut.lofter.com/post/1d226c81_6eae13a

 

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities

Web-Security-Choosing-The-Security

 

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities

Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: February 18, 2015

Latest Update: May 01, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: CVE-2015-2066

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Caution Details:

(1) Vendor & Product Description:

Vendor:

DLGuard

Product & Version:

DLGuard

v4.5

Vendor URL & Download:

DLGuard can be downloaded from here,

http://www.dlguard.com/dlginfo/index.php

Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for.”

“DLGuard supports the three types, or methods, of sale on the internet:

<1>Single item sales (including bonus products!)

<2>Multiple item sales

<3>Membership websites”

“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before.”


(2) Vulnerability Details:

DLGuard web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several similar products vulnerabilities have been found by some other bug hunter researchers before. DLguard has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has phase, votes, comments and proposed details related to important vulnerabilities.

(2.1) The bug programming flaw vulnerability occurs at “&c” parameter in “index.php?” page.

 
 

References:

http://seclists.org/fulldisclosure/2015/Feb/69

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01703.html

https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1607

http://lists.openwall.net/full-disclosure/2015/02/18/6

http://marc.info/?a=139222176300014&r=1&w=4

http://www.tetraph.com/blog/sql-injection-vulnerability/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

http://www.inzeed.com/kaleidoscope/sql-injection-vulnerability/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/sql-injection-vulnerability/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

https://plus.google.com/u/0/107140622279666498863/posts/44pDNaZao8v

https://biyiniao.wordpress.com/2015/05/11/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

http://shellmantis.tumblr.com/post/118658089031/inzeed-cve-2015-2066-dlguard-sql-injection#notes

http://xingzhehong.lofter.com/post/1cfd0db2_6ea8323

http://russiapost.blogspot.ru/2015/05/cve-2015-2066-dlguard-sql-injection-web.html

https://www.facebook.com/computersecurities/posts/375386899314769

http://blog.163.com/greensun_2006/blog/static/11122112201541193421290/

https://twitter.com/tetraphibious/status/597577800023838720

http://www.weibo.com/3973471553/Chj5OFIPk?from=page_1005053973471553_profile&wvr=6&mod=weibotime&type=comment#_rnd1431308778074

 

724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

enigma_sifre_cozucu_nettekeyif.net

 

724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

 

Exploit Title: 724CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 15, 2015

Latest Update: March 15, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

 

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

 

Vendor URL & download:

724CMS can be purchased from here,

http://724cms.com/

 

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS provides procedures to manage workflow in a collaborative environment.”

“A CMS helps you create and store content in a shared repository. It then manages the relationships between content items for you (e.g. keeping track of where they fit into the site hierarchy). Finally, it ensures that each content item is connected to the right style sheet when it comes to be published. Some CMSs also provide facilities to track the status of content items through editorial processes and workflows.”

 

 

(2) Vulnerability Details:

724CMS web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several 724CMS products vulnerabilities have been found by some other bug hunter researchers before. 724CMS has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to 724CMS vulnerabilities.

 

(2.1) The first code programming flaw occurs at “/index.php” page with “&Lang” parameter.

(2.2) The second code programming occurs at “/section.php” page with “&Lang”, “&ID”, “&Nav” parameters.

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/724cms-501-multiple-xss-cross-site.html

http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

https://computertechhut.wordpress.com/2015/03/14/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

http://marc.info/?l=full-disclosure&m=142576259903051&w=4

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01737.html

http://en.hackdig.com/?16117.htm

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

08NEncryptionKeymaster-1374242307339

 

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

 

Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

 

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

 

Vendor URL & download:

724CMS can be bargained from here,

http://724cms.com/

 

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS provides procedures to manage workflow in a collaborative environment.”

“A CMS helps you create and store content in a shared repository. It then manages the relationships between content items for you (e.g. keeping track of where they fit into the site hierarchy). Finally, it ensures that each content item is connected to the right style sheet when it comes to be published. Some CMSs also provide facilities to track the status of content items through editorial processes and workflows.”

 

 

(2) Vulnerability Details:

724CMS web application has a security bug problem. It can be exploited by Directory Traversal – Local File Include (LFI) attacks. A local file inclusion (LFI) flaw is due to the script not properly sanitizing user input, specifically path traversal style attacks (e.g. ‘../../’) supplied to the parameters. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote host . This may allow disclosing file contents or executing files like PHP scripts. Such attacks are limited due to the script only calling files already on the target host.

Several 724CMS products vulnerabilities have been found by some other bug hunter researchers before. 724CMS has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to 724CMS vulnerabilities.

 

(2.1) The first cipher programming flaw occurs at “/section.php” page with “&Module” parameter.

 

 

 

 

References:

http://www.tetraph.com/security/directory-traversal-vulnerability/724cms-5-01-directory-path-traversal-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/724cms-501-directory-path-traversal.html

http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-directory-path-traversal-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-directory-path-traversal-security-vulnerabilities/

https://computertechhut.wordpress.com/2015/03/14/724cms-5-01-directory-path-traversal-security-vulnerabilities/

http://marc.info/?a=139222176300014&r=1&w=4

http://en.hackdig.com/wap/?id=17404

 

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

18638880

 
About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。

 

根据漏洞研究者发布的结果POC视频,所有About.com的话题(子域名)都可以被攻击者利用。

 

新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。

 

与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox (34.0), Ubuntu (14.04) 的 Google Chromium 39.0.2171.65-0, 以及 Mac OS X Lion 10.7 的 Apple Safari 6.1.6 上进行的。

 

XSS (Cross- site Scripting) 可以用来窃取用户信息,控制用户浏览器,和进行 DOS (Denial of Service) 攻击。 XFS (Cross-frame Scripting) 也叫 iFrame Injection,可以修改用户浏览器页面内容。

 

在发布漏洞的同时,王晶还说明因为 About Group 的普遍性,它的漏洞可以用来对其他网站进行隐蔽重定向攻击 (Covert Redirect);XFS 则可以用来对计算机和网络进行 DDOS (Distributed Denial of Service) 黑客攻击。这些漏洞发布在著名漏洞平台 Full-Disclosure 上和他的个人博客上。

 

王晶是一名学生安全研究人员。他发布了包括谷歌,脸书,亚马逊,阿里巴巴,电子湾,领英等多家公司网站的重要漏洞以及大量网络应用程序的补丁。
 

 
 
 

相关新闻:
http://www.zdnet.com/article/over-99-percent-of-about-com-links-vulnerable-to-xss-xfs-iframe-attack/
http://www.securityweek.com/xss-xfs-open-redirect-vulnerabilities-found-aboutcom
http://securityaffairs.co/wordpress/33070/hacking/com-affected-xss-xfs-open-redirect-vulnerabilities-since-october-2014.html
http://packetstormsecurity.com/files/130211/About.com-Cross-Site-Scripting.html
http://www.zoomit.ir/it-news/security/17394-about-com-links-vulnerable-to-xss-xfs
http://itsecurity.lofter.com/post/1cfbf9e7_6f05a63
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
http://securitypost.tumblr.com/post/118837857592/about-group-99-88-xss-xfs-about
http://www.inzeed.com/kaleidoscope/computer-security/about-group-xss-xfs/
https://www.secnews.gr/99percent-about-xss-xfs-attack-exploit
http://www.decomoadesinstalar.com/abrir-codigo-iframe-xss-xfs-ataque-mas-del-99-por
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1547
http://www.40kalagh.net/about-grope-xss-and-xfs
http://blog.norsecorp.com/2015/02/03/about-com-platform-rife-with-xss-and-iframe-injection-vulnerabilities/

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability

 

Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9558
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

 

(1) Vendor & Product Description

 

Vendor: Smartwebsites

 

Product & Version: SmartCMS v.2

 

Vendor URL & Download:

 

Product Description:
“SmartCMS is one of the most user friendly and smart content management systems there is in the Cyprus market. It makes the content management of a webpage very easy and simple, regardless of the user’s technical skills.”

 

(2) Vulnerability Details:
SmartCMS v.2 has a security vulnerability. It can be exploited by SQL Injection attacks.

 

(2.1) The first vulnerability occurs at “index.php?” page with “pageid” “lang” multiple parameters.

 

(2.2) The second vulnerability occurs at “sitemap.php?” page with “pageid” “lang” multiple parameters.

 

 

References:

 

CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability

 

Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9557
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

 

(1) Vendor & Product Description
Vendor: Smartwebsites
Product & Version: SmartCMS v.2
Vendor URL & Download:
Product Description: “SmartCMS is one of the most user friendly and smart content management systems there is in the Cyprus market. It makes the content management of a webpage very easy and simple, regardless of the user’s technical skills.”

 

(2) Vulnerability Details:
SmartCMS v.2 has a security vulnerability. It can be exploited by XSS attacks.
(2.1) The first vulnerability occurs at “index.php?” page with “pageid” “lang” multiple parameters.
(2.2) The second vulnerability occurs at “sitemap.php?” page with “pageid” “lang” multiple parameters.

 

 

 

 

References: