Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities

2002-06-06T00:00:00
ID EXPLOITPACK:910CECBD457CBB6F271919E5603C8E13
Type exploitpack
Reporter Ulf Harnhammar
Modified 2002-06-06T00:00:00

Description

Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/4957/info

It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.

These issues have been reported in version 0.7 of CBMS. Other versions may share these vulnerabilities, this has not however been confirmed.

dltclnt.php?choice=yes&idnum=clientid