Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62201449284
HistoryJun 11, 2014 - 12:00 a.m.

Jojo CMS X-Forwarded-For header SQL injection vulnerability-vulnerability warning-the black bar safety net

2014-06-1100:00:00
佚名
www.myhack58.com
8
JSON

Affected system:

Jojo CMS Jojo CMS < 1.2.2
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 5 9 9 3 4
CVE(CAN) ID: CVE-2 0 1 3-3 0 8 1

Jojo CMS is SEO-friendly, scalable, PHP-based CMS.

Jojo CMS 1.2.2 previous version, the plugins/jojo_core/classes/Jojo. php within checkEmailFormat function existsSQL injectionvulnerabilities, a remote attacker through to/articles/test/send X-Forwarded-For HTTP header, use this vulnerability to execute arbitrary SQL commands.

<*source: High-Tech Bridge SA http://www.htbridge.ch/)

Links: http://xforce.iss.net/xforce/xfdb/84285
*>

Recommendations:
--------------------------------------------------------------------------------
Manufacturers patch:

Jojo CMS
\ --------
The current vendor has not provided the patch or upgrade process, we recommend the use of this software users follow the manufacturer’s home page to get the latest version:

https://github.com/JojoCMS/Jojo-CMS

JSON