ID OSVDB:24299 Type osvdb Reporter Aliaksandr Hartsuyeu(alex@evuln.com) Modified 2006-03-30T03:17:38
Description
Vulnerability Description
RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the register.php script not properly sanitizing user-supplied input to unspecirfied variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the register.php script not properly sanitizing user-supplied input to unspecirfied variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
{"type": "osvdb", "published": "2006-03-30T03:17:38", "href": "https://vulners.com/osvdb/OSVDB:24299", "hashmap": [{"key": "affectedSoftware", "hash": "200720a15d8fd7f89ad7347f95f2df46"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4f2bf17be6dbfdcfcbfcdfac2aabf72f"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "707b90423eef935f9a462e4979554b1a"}, {"key": "href", "hash": "6eac901cdbb30cc3d8c5dad79b3b8a26"}, {"key": "modified", "hash": "734d9446dd1f8675c75464fc84980bba"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "734d9446dd1f8675c75464fc84980bba"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "93c555ddf4281f3e77af93fe9b03bcc4"}, {"key": "title", "hash": "6199f1280bac56178bf236073a23258d"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 5.1}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Aliaksandr Hartsuyeu(alex@evuln.com)", "title": "RedCMS register.php SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "0.1", "name": "RedCMS"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1569"]}, {"type": "osvdb", "idList": ["OSVDB:24297", "OSVDB:24298"]}, {"type": "exploitdb", "idList": ["EDB-ID:27538", "EDB-ID:27539"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:12229"]}], "modified": "2017-04-28T13:20:21"}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:24299", "hash": "2fac3b2d36df6247fb9dca06e017c6ff3fd816aa3deee93f4fd9e893b051d726", "lastseen": "2017-04-28T13:20:21", "cvelist": ["CVE-2006-1569"], "modified": "2006-03-30T03:17:38", "description": "## Vulnerability Description\nRedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the register.php script not properly sanitizing user-supplied input to unspecirfied variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nRedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the register.php script not properly sanitizing user-supplied input to unspecirfied variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://redcms.co.uk/\n[Secunia Advisory ID:19475](https://secuniaresearch.flexerasoftware.com/advisories/19475/)\n[Related OSVDB ID: 24296](https://vulners.com/osvdb/OSVDB:24296)\n[Related OSVDB ID: 24298](https://vulners.com/osvdb/OSVDB:24298)\n[Related OSVDB ID: 24297](https://vulners.com/osvdb/OSVDB:24297)\nOther Advisory URL: http://evuln.com/vulns/115/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0269.html\nKeyword: EV0115\nISS X-Force ID: 25578\nFrSIRT Advisory: ADV-2006-1186\n[CVE-2006-1569](https://vulners.com/cve/CVE-2006-1569)\nBugtraq ID: 17336\n"}
{"cve": [{"lastseen": "2018-10-19T11:35:58", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php.", "modified": "2018-10-18T12:33:28", "published": "2006-03-31T19:04:00", "id": "CVE-2006-1569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1569", "title": "CVE-2006-1569", "type": "cve", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nRedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nRedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://redcms.co.uk/\n[Secunia Advisory ID:19475](https://secuniaresearch.flexerasoftware.com/advisories/19475/)\n[Related OSVDB ID: 24299](https://vulners.com/osvdb/OSVDB:24299)\n[Related OSVDB ID: 24296](https://vulners.com/osvdb/OSVDB:24296)\n[Related OSVDB ID: 24298](https://vulners.com/osvdb/OSVDB:24298)\nOther Advisory URL: http://evuln.com/vulns/115/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0269.html\nKeyword: EV0115\nISS X-Force ID: 25578\nFrSIRT Advisory: ADV-2006-1186\n[CVE-2006-1569](https://vulners.com/cve/CVE-2006-1569)\nBugtraq ID: 17336\n", "modified": "2006-03-30T03:17:38", "published": "2006-03-30T03:17:38", "href": "https://vulners.com/osvdb/OSVDB:24297", "id": "OSVDB:24297", "type": "osvdb", "title": "RedCMS login.php Multiple Variable SQL Injection", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nRedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the profile.php script not properly sanitizing user-supplied input to the 'u' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nRedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the profile.php script not properly sanitizing user-supplied input to the 'u' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://redcms.co.uk/\n[Secunia Advisory ID:19475](https://secuniaresearch.flexerasoftware.com/advisories/19475/)\n[Related OSVDB ID: 24299](https://vulners.com/osvdb/OSVDB:24299)\n[Related OSVDB ID: 24296](https://vulners.com/osvdb/OSVDB:24296)\n[Related OSVDB ID: 24297](https://vulners.com/osvdb/OSVDB:24297)\nOther Advisory URL: http://evuln.com/vulns/115/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0269.html\nKeyword: EV0115\nISS X-Force ID: 25578\nFrSIRT Advisory: ADV-2006-1186\n[CVE-2006-1569](https://vulners.com/cve/CVE-2006-1569)\nBugtraq ID: 17336\n", "modified": "2006-03-30T03:17:38", "published": "2006-03-30T03:17:38", "href": "https://vulners.com/osvdb/OSVDB:24298", "id": "OSVDB:24298", "type": "osvdb", "title": "RedCMS profile.php u Variable SQL Injection", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T06:10:15", "bulletinFamily": "exploit", "description": "RedCMS 0.1 login.php Multiple Parameter SQL Injection. CVE-2006-1569. Webapps exploit for php platform", "modified": "2006-03-31T00:00:00", "published": "2006-03-31T00:00:00", "id": "EDB-ID:27539", "href": "https://www.exploit-db.com/exploits/27539/", "type": "exploitdb", "title": "RedCMS 0.1 login.php Multiple Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/17336/info\r\n \r\nRedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \r\n \r\nThe application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nURL: http://www.example.com/redcms/login.php\r\nUsername: ' or 1/*\r\nPassword: any", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27539/"}, {"lastseen": "2016-02-03T06:10:07", "bulletinFamily": "exploit", "description": "RedCMS 0.1 profile.php u Parameter SQL Injection. CVE-2006-1569. Webapps exploit for php platform", "modified": "2006-03-31T00:00:00", "published": "2006-03-31T00:00:00", "id": "EDB-ID:27538", "href": "https://www.exploit-db.com/exploits/27538/", "type": "exploitdb", "title": "RedCMS 0.1 profile.php u Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/17336/info\r\n\r\nRedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \r\n\r\nThe application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nhttp://www.example.com/redcms/profile.php? id=99'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10, 11,12,13,14, 15,161,7,18, 19,20/*", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27538/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:17", "bulletinFamily": "software", "description": "New eVuln Advisory:\r\nRedCMS Multiple XSS and SQL Injection Vulnerabilities\r\nhttp://evuln.com/vulns/115/summary.html\r\n\r\n--------------------Summary----------------\r\neVuln ID: EV0115\r\nCVE: CVE-2006-1568 CVE-2006-1569\r\nSoftware: RedCMS\r\nSowtware's Web Site: http://redcms.co.uk/\r\nVersions: 0.1\r\nCritical Level: Moderate\r\nType: Multiple Vulnerabilities\r\nClass: Remote\r\nStatus: Unpatched. No reply from developer(s)\r\nPoC/Exploit: Available\r\nSolution: Not Available\r\nDiscovered by: Aliaksandr Hartsuyeu (eVuln.com)\r\n\r\n-----------------Description---------------\r\n1. Multiple Cross-Site Scripting Vulnerabilities.\r\n\r\nVulnerable Script:register.php\r\n\r\nParameters email, location, website are not properly sanitized. This can be used to post arbitrary HTML or web script code.\r\n\r\n\r\n2. Multiple SQL Injections.\r\n\r\nVulnerable scripts:\r\nlogin.php\r\nprofile.php\r\nregister.php\r\n...\r\n\r\nVariables $username(login.php), $password(login.php), $u(profile.php), $username(register.php), $password(register.php),... All user-defined variables are not properly sanitized before being used in SQL queries. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.\r\n\r\nCondition: magic_quotes_gpc = off\r\n\r\n\r\n--------------PoC/Exploit----------------------\r\nAvailable at: http://evuln.com/vulns/115/exploit.html\r\n\r\n--------------Solution---------------------\r\nNo Patch available.\r\n\r\n--------------Credit-----------------------\r\nDiscovered by: Aliaksandr Hartsuyeu (eVuln.com)\r\n\r\n\r\nRegards,\r\nAliaksandr Hartsuyeu\r\nhttp://evuln.com - Penetration Testing Services\r\n.", "modified": "2006-04-15T00:00:00", "published": "2006-04-15T00:00:00", "id": "SECURITYVULNS:DOC:12229", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12229", "title": "[eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}