SECURITYVULNS:DOC:10700
Dec 18, 2005

Mercury CMS™ vuln.

Vuln. discovered by: r0t
Date: 18 Dec 2005
Original advisory: http://pridels.blogspot.com/2005/12/mercury-cms-vuln.html
Vendor: http://www.mercury-cms.com
Affected version: 4.0 and prior

Product Description:

Mercury CMS™ v4.0 is an extensible, modular, enterprise-level content
management system at entry-level costs. The four Editions of the CMS -
Lite, Professional, Portal and E-Commerce - provide a complete set of
functionality to satisfy the business needs of our clients. Mercury
CMS™ allows non-technical personnel to manage and edit content using
secure and easy-to-use, browser-based interfaces.
We designed the Mercury CMS™ v4.0 to provide maximum aesthetic
flexibility by utilizing custom templates and multi-level styling.
What makes this CMS unique are features like parallel editing, content
granulation where pages are containers and content is organized in
sections, snippets, modules; site is organized in areas (public,
intranet, extranet, hidden); meta tags, styles, and repeating content
are configured on multiple levels (global, area, page); and more.
Flexible extensibility provides secure integration with third party
and custom applications.
The Architecture of Mercury CMS™ v4.0 allows for the inclusion of
additional modules and technologies as you require them. There are
more than 40 modules currently available for the system and this
number constantly grows. We give you 17 of those modules for free to
get you started fast and at very low cost.

Vuln. Description:

SQL injection.
Mercury CMS™ contains a flaw that allows remote SQL injection
attacks. Input passed to the "page" parameter in "index.cfm" isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

/index.cfm?page=[SQL]

Cross-site scripting (XSS).
Mercury CMS™ contains a flaw that allows a remote cross-site scripting
attack. This flaw exists because input passed to the "content" and
"criteria" parameters isn't properly sanitised before being returned to
the user. This could allow a user to create a specially crafted URL that
would execute arbitrary script code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

/index.cfm?page=40&criteria=&start=11&title=&content=[XSS]

/index.cfm?restricted=false&page=10&criteria=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.
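The sanitisation the solution calls for, shown as an added ColdFusion example for both findings above (this is not Mercury CMS code; the datasource `cms_ds`, the `pages` table and its columns are assumed). The commented-out query is the unsafe pattern the advisory describes, where the raw `page` value is concatenated into the SQL; the hardened version binds each URL parameter with `cfqueryparam` and HTML-encodes `criteria` and `content` before they are reflected back to the browser:

```cfml
<!--- Added example, not Mercury CMS source. Assumptions: datasource "cms_ds",
      table "pages" with integer column "page_id" and text columns "title", "body". --->

<!--- UNSAFE pattern (kept commented out so it never runs): the URL value is
      interpolated straight into the statement, so SQL metacharacters in
      ?page= become part of the query.

<cfquery name="getPage" datasource="cms_ds">
    SELECT page_id, title, body
    FROM pages
    WHERE page_id = #url.page#
</cfquery>
--->

<!--- HARDENED: enforce the expected type up front. cfparam with type="integer"
      throws a ColdFusion exception for any non-integer value, so the query
      below only ever sees a number. --->
<cfparam name="url.page" default="1" type="integer">
<cfparam name="url.criteria" default="">
<cfparam name="url.content" default="">

<!--- Bound parameter: the driver sends the value separately from the SQL text,
      so it is never parsed as SQL. --->
<cfquery name="getPage" datasource="cms_ds">
    SELECT page_id, title, body
    FROM pages
    WHERE page_id = <cfqueryparam value="#url.page#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Free-text search terms are bound as strings. The LIKE wildcards are
      added to the bound value, not to the SQL text. --->
<cfquery name="search" datasource="cms_ds">
    SELECT page_id, title
    FROM pages
    WHERE title LIKE <cfqueryparam value="%#url.criteria#%" cfsqltype="cf_sql_varchar">
      AND body  LIKE <cfqueryparam value="%#url.content#%"  cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Output encoding: the same parameters are reflected into the page, which is
      the XSS path. HTMLEditFormat encodes <, >, & and " so the terms render as
      literal text rather than markup. --->
<cfoutput>
    <h2>#HTMLEditFormat(getPage.title)#</h2>
    <p>#search.recordCount# result(s) for
       "#HTMLEditFormat(url.criteria)#" in "#HTMLEditFormat(url.content)#"</p>
    <form method="get" action="index.cfm">
        <input type="hidden" name="page" value="#url.page#">
        <input type="text" name="criteria" value="#HTMLEditFormat(url.criteria)#">
        <input type="text" name="content"  value="#HTMLEditFormat(url.content)#">
        <input type="submit" value="Search">
    </form>
</cfoutput>
```

Two design points: the integer check on `page` and the bound parameters are independent layers, so a missed `cfparam` elsewhere in the application does not reopen the injection; and encoding happens at output time rather than on input, so the stored search terms stay intact and every reflection point is covered regardless of how the value arrived.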