
Test ID: 1.3.6.1.4.1.25623.1.0.902498
Category: Web application abuses
Title: V-CMS Multiple Vulnerabilities
Summary: This host is running V-CMS and is prone to multiple vulnerabilities.
Description:
Summary:
This host is running V-CMS and is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to improper validation of user-supplied input
via the 'p' parameter to redirect.php and the 'user' parameter to process.php,
and to the 'includes/inline_image_upload.php' script, which fails to prevent
users who are not logged in from uploading any files.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary
HTML and script code in a user's browser session in the context of a vulnerable
site and to conduct SQL injection attacks to gain sensitive information.

Affected Software/OS:
V-CMS version 1.0 and prior.

Solution:
Update V-CMS to version 1.1 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 50706
Common Vulnerability Exposure (CVE) ID: CVE-2011-4826
http://www.securityfocus.com/bid/50706
http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235
http://secunia.com/advisories/46861
Common Vulnerability Exposure (CVE) ID: CVE-2011-4827
http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234
Common Vulnerability Exposure (CVE) ID: CVE-2011-4828
http://www.autosectools.com/Advisory/V-CMS-1.0-Arbitrary-Upload-236
Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.