Affected system:
Jojo CMS Jojo CMS < 1.2.2
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 5 9 9 3 4
CVE(CAN) ID: CVE-2 0 1 3-3 0 8 1
Jojo CMS is SEO-friendly, scalable, PHP-based CMS.
Jojo CMS 1.2.2 previous version, the plugins/jojo_core/classes/Jojo. php within checkEmailFormat function existsSQL injectionvulnerabilities, a remote attacker through to/articles/test/send X-Forwarded-For HTTP header, use this vulnerability to execute arbitrary SQL commands.
<*source: High-Tech Bridge SA http://www.htbridge.ch/)
Links: http://xforce.iss.net/xforce/xfdb/84285
*>
Recommendations:
--------------------------------------------------------------------------------
Manufacturers patch:
Jojo CMS
\ --------
The current vendor has not provided the patch or upgrade process, we recommend the use of this software users follow the manufacturer’s home page to get the latest version: