Lucene search

K

MyDMS.txt

🗓️ 24 Aug 2004 00:00:00Reported by Joxean KoretType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 16 Views

MyDMS has SQL Injection and file download vulnerabilities affecting all versions prior to 1.4.2.

Show more
Code
`  
  
---------------------------------------------------------------------------   
Multiple vulnerabilities in MyDMS   
---------------------------------------------------------------------------   
  
Author: Joxean Koret   
Date: 2004   
Location: Basque Country   
  
---------------------------------------------------------------------------   
  
Affected software description:   
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
  
MyDMS   
  
MyDMS is an open-source   
document-management-system based on PHP   
and MySQL   
published under the GPL.   
  
Web : http://dms.markuswestphal.de/about.html   
  
---------------------------------------------------------------------------   
  
Vulnerabilities:   
~~~~~~~~~~~~~~~~   
  
A. SQL Injection Vulnerability   
  
A1. An SQL Injection vulnerability found in the   
file /demo/out/out.ViewFolder.php.   
The parameter "FolderId" is not correctly   
sanitized and an attacker can inject   
any SQL valid command. You can try the error :   
  
  
http://<host-with-mydmbs>/demo/out/out.ViewFolder.php?folderid=3   
or 1=1as   
  
NOTE : I put or 1=1as, well, this doesn't work,   
but you can see the entire   
SQL query that the server executes.   
  
B. Unspecified File Download Vulnerability   
  
B1. An error in the MyDMS software allows to a   
registered users (and only to   
registered users) to download any file, such   
as /etc/passwd, by inserting in a   
parameter a text such as ../../../../../etc/passwd.   
  
Affected Versions :   
~~~~~~~~~~~~~~~~~~~   
  
The SQL Injection problem is in versions prior to   
1.4.2.   
The file download problem is in all versions.   
  
The fix:   
~~~~~~~~   
  
The SQL Injection problem is corrected in the   
version 1.4.2.   
The file download problem is not corrected but   
vendor is contacted.   
  
---------------------------------------------------------------------------   
Contact:   
~~~~~~~~   
  
Joxean Koret at   
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es   
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Aug 2004 00:00Current
7.4High risk
Vulners AI Score7.4
16
.json
Report