Test ID:	1.3.6.1.4.1.25623.1.0.805292
Category:	Web application abuses
Title:	Adminsystems CMS Multiple Vulnerabilities
Summary:	Adminsystems CMS is prone to multiple vulnerabilities.
Description:	Summary: Adminsystems CMS is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist as, - The upload action in the files.php script does not properly verify or sanitize user-uploaded files via the 'path' parameter. - The index.php script does not validate input to the 'page' parameter before returning it to users. - The /asys/site/system.php script does not validate input to the 'id' parameter before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary PHP code and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Adminsystems CMS before 4.0.2 Solution: Upgrade to Adminsystems CMS version 4.0.2 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1603 BugTraq ID: 72605 http://www.securityfocus.com/bid/72605 http://seclists.org/fulldisclosure/2015/Feb/50 http://packetstormsecurity.com/files/130394/Landsknecht-Adminsystems-CMS-4.0.1-CSRF-XSS-File-Upload.html http://sroesemann.blogspot.de/2015/01/sroeadv-2015-14.html http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-14.html http://www.openwall.com/lists/oss-security/2015/02/13/11 http://www.openwall.com/lists/oss-security/2015/02/14/1 http://www.openwall.com/lists/oss-security/2015/02/14/5 Common Vulnerability Exposure (CVE) ID: CVE-2015-1604
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.