Lucene search

K
myhack58佚名MYHACK58:62201449284
HistoryJun 11, 2014 - 12:00 a.m.

Jojo CMS X-Forwarded-For header SQL injection vulnerability-vulnerability warning-the black bar safety net

2014-06-1100:00:00
佚名
www.myhack58.com
7

Affected system:

Jojo CMS Jojo CMS < 1.2.2
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 5 9 9 3 4
CVE(CAN) ID: CVE-2 0 1 3-3 0 8 1

Jojo CMS is SEO-friendly, scalable, PHP-based CMS.

Jojo CMS 1.2.2 previous version, the plugins/jojo_core/classes/Jojo. php within checkEmailFormat function existsSQL injectionvulnerabilities, a remote attacker through to/articles/test/send X-Forwarded-For HTTP header, use this vulnerability to execute arbitrary SQL commands.

<*source: High-Tech Bridge SA http://www.htbridge.ch/)

Links: http://xforce.iss.net/xforce/xfdb/84285
*>

Recommendations:
--------------------------------------------------------------------------------
Manufacturers patch:

Jojo CMS
\ --------
The current vendor has not provided the patch or upgrade process, we recommend the use of this software users follow the manufacturer’s home page to get the latest version:

https://github.com/JojoCMS/Jojo-CMS