23 matches found
chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: chicomas <=2.0.4 Multiple Vulnerabilities Vendor: http://www.chicomas.com/ Demo: http://demo.opensourcecms.com/chicomas Bug: Database Information Disclosure, Authorization Weakness, XSS Vulnerable Version:...
ChiCoMaS 2.0.4 - 'index.php' Cross Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/29025/info ChiCoMaS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Improper access control
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backu...
CVE-2008-5853
CVE-2008-5853 affects Chilek Content Management System (ChiCoMaS) 2.0.4 and earlier. The vulnerability arises from storing sensitive information under the web root with insufficient access control, allowing remote attackers to (1) obtain database credentials via a direct request for config.inc, a...
chicomas 2.0.4 XSS / Database Disclosure
www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Database Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripting XSS. Reflected XSS attack in "index.php" in "q" parameter. POC:...
chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities
Exploit for unknown platform in category web applications. AmnPardaz...
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Database Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripting XSS. Reflected XSS attack in "index.php" in "q" parameter. POC:...
Chicomas 2.0.4 - Database Backup File Disclosure Cross-Site Scripting
www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Database Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripti...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
chicomas.2.0.4
Author: Hadi Kiamarsi; Discovered by: Hadi Kiamarsi; Exploited by: Hadi Kiamarsi...
Chicomas 2.0.4 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/29025/info ChiCoMaS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
chicomas204-xss.txt
Author: Hadi Kiamarsi; Discovered by: Hadi Kiamarsi; Exploited by: Hadi Kiamarsi...
Chicomas 2.0.4 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29025/info ChiCoMaS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
CVE-2008-2017
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/...
Directory traversal
PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via...
Directory traversal
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/...
CVE-2008-2016
The CVE-2008-2016 entry concerns Chilek Content Management System (ChiCoMaS) 2.0.4. The vulnerability is a PHP remote file inclusion via the lang parameter to the default URI under install/, enabling remote attackers to execute arbitrary PHP code. The note indicates this can also be leveraged to ...
CVE-2008-2017
The CVE-2008-2017 entry concerns Chilek Content Management System (ChiCoMaS) 2.0.4, where a directory traversal flaw allows remote attackers to include and execute arbitrary local files. The vulnerability arises from a dot-dot sequence (..) in the operation parameter to the default install/ URI. ...