6 matches found
jaf cms 4.0 rc2 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22665 Reference: http://www.htbridge.ch/advisory/shellcreatecommandexecutioninjafcms.html Product: JAF CMS Vendor: JAF CMS http://jaf-cms.sourceforge.net/ Vulnerable Version: 4.0 RC2 Vendor Notification: 21 October 2010 Vulnerability Type:...
CVE-2013-4879
Vulnerability: CVE-2013-4879 affects BigTree CMS 4.0 RC2 and earlier, due to an SQL injection in the code path that processes input via PATH_INFO to index.php (affecting core/inc/bigtree/cms.php). The root cause is insufficient sanitization/validation of user-supplied data, enabling remote attack...
JAF CMS Multiple Remote File Include and Remote Shell Command Execution Vulnerabilities
JAF CMS is prone to a shell-command-execution vulnerability and multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context...
CVE-2008-1609
CVE-2008-1609 affects JAF CMS 4.0 RC2. Connected sources describe a remote file inclusion vulnerability whereby input in the website parameter (to forum/main.php and forum/forum.php) and the main_dir parameter (to forum/forum.php) can be used to include arbitrary files, enabling arbitrary PHP exe...
jafcms-rfi.txt
CraCkEr: THE CRACK OF ETERNAL MIGHT. From The Ashes and Dust Rises An Unimaginable crack.... ...
CVE-2007-6142
The CVE affects ph03y3nk just another flat file (JAF) CMS 4.0 RC2. It describes reflected Cross‑Site Scripting via the index.php show parameter and the print.php print parameter, enabling injection of arbitrary web script/HTML. The root cause is input handling in these two parameters leading to s...