High-Tech Bridge (htbridge) advisory HTB22639
History: Oct 05, 2010 - 12:00 a.m.

SQL Injection Vulnerabilities in 4site CMS

www.htbridge.com

EPSS: 0.001 (percentile: 27.8%)

High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in 4site CMS which could be exploited to execute arbitrary SQL commands in the application's database.

  1. SQL injection vulnerabilities in 4site CMS: CVE-2010-4152
    1.1 The vulnerability exists due to insufficient validation of input data passed to the "cat" parameter in catalog/index.shtml ("Catalog" module). A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation example:
    http://host/catalog/index.shtml?cat=-1+UNION+SELECT+@@version
    1.2 The vulnerability exists due to insufficient validation of input data passed to the "i" parameter in portfolio/index.shtml ("Goods" module) when the "s" parameter is set. A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation example:
    http://host/portfolio/index.shtml?s=8&i=-1+UNION+SELECT+1,user(),@@version,4,5,6,7,8,9
    1.3 Input passed to the "th" parameter in faq/index.shtml ("FAQ" module) is not properly sanitized before being used in a SQL query. A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation example:
    http://host/faq/index.shtml?th=-1+UNION+SELECT+@@version
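
A defender-side check for the three parameters listed above, as an added example that is not part of the High-Tech Bridge advisory: it flags requests in a web access log whose "cat", "i" or "th" value is not a plain unsigned integer. That these parameters carry numeric IDs, the combined log format, and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path -> parameters the advisory names as injectable. Treating them
# as unsigned integer IDs is an assumption; the advisory does not state a type.
NUMERIC_PARAMS = {
    "/catalog/index.shtml": ("cat",),
    "/portfolio/index.shtml": ("i",),
    "/faq/index.shtml": ("th",),
}
DIGITS = re.compile(r"[0-9]{1,10}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def violations(target):
    """Return (param, decoded value) pairs that are not plain unsigned integers."""
    parts = urlsplit(target)
    names = NUMERIC_PARAMS.get(parts.path, ())
    # parse_qs decodes '+' and %XX, so the check sees the decoded value.
    query = parse_qs(parts.query, keep_blank_values=True)
    return [(n, v) for n in names for v in query.get(n, [])
            if not DIGITS.fullmatch(v)]


def scan(log_lines):
    """Yield (client, request target, violations) for each offending line."""
    for line in log_lines:
        m = REQUEST.search(line)
        if m and (bad := violations(m.group(1))):
            yield line.split(" ", 1)[0], m.group(1), bad


# Constructed sample log lines (documentation IP ranges); the request strings
# reuse the advisory's own examples.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2010:10:00:01 +0000] "GET /catalog/index.shtml?cat=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Oct/2010:10:00:02 +0000] "GET /catalog/index.shtml?cat=-1+UNION+SELECT+@@version HTTP/1.1" 200 733',
    '198.51.100.7 - - [05/Oct/2010:10:00:03 +0000] "GET /portfolio/index.shtml?s=8&i=-1+UNION+SELECT+1,user(),@@version,4,5,6,7,8,9 HTTP/1.1" 200 810',
    '192.0.2.10 - - [05/Oct/2010:10:00:04 +0000] "GET /faq/index.shtml?th=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, target, bad in scan(SAMPLE_LOG):
        print(client, target, bad)
```

The same integer-only rule, applied in the application before the value reaches the query, closes the validation gap the advisory describes.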
