Exponent CMS Navigation Module parent Variable SQL Injection

2005-11-19T09:03:18
ID OSVDB:21023
Type osvdb
Reporter Hans Wolters(hans.wolters@xs4all.nl)
Modified 2005-11-19T09:03:18

Description

Vulnerability Description

Exponent CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Navigation Module not properly sanitizing user-supplied input to the 'parent' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Exponent CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Navigation Module not properly sanitizing user-supplied input to the 'parent' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Manual Testing Notes

http://[target]/index.php?action=order&parent=41%20or%201&a=1&b=0&module=navigationmodule

References:

Vendor URL: http://sourceforge.net/projects/exponent/ Secunia Advisory ID:17655 Related OSVDB ID: 21027 Related OSVDB ID: 21026 Related OSVDB ID: 21022 Related OSVDB ID: 21024 Related OSVDB ID: 21028 Related OSVDB ID: 21025 Nessus Plugin ID:20211 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0243.html CVE-2005-3762