. The CIS Manager platform is a complete and powerful tool to manage
sites and corporative portals on the Internet. The platform components
bring autonomy to your company to manage the content (structure,
texts, images, downloadable files, articles, news...) without the need
of a developer.
(...)
Release date
2014-05-16
Details
. SQL injection using POST parameters:
URL: http://site/autenticar/lembrarlogin.asp
TYPE: error-based
PARAM: email
PAYLOAD: email=xxx' AND (...)
Disclosure Timeline
2014-04-16: Vendor notification.
2014-04-26: No response. Vendor notification again.
2014-05-10: No response. Vendor notification again.
2014-05-16: Public disclosure.
Contact
Thiago C.
edge () bitmessage.ch
{"id": "SECURITYVULNS:DOC:30868", "bulletinFamily": "software", "title": "Construtiva CIS Manager CMS POST SQLi", "description": "\r\n\r\n\r\nTL;DR;\r\n======\r\n\r\n . PRODUCT : Construtiva CIS Manager\r\n . TYPE : SQLi http://site/autenticar/lembrarlogin.asp (POST email)\r\n . CVE : CVE-2014-3749\r\n\r\n\r\nSoftware Description\r\n====================\r\n\r\n . The CIS Manager platform is a complete and powerful tool to manage\r\nsites and corporative portals on the Internet. The platform components\r\nbring autonomy to your company to manage the content (structure,\r\ntexts, images, downloadable files, articles, news...) without the need\r\nof a developer.\r\n\r\n (...)\r\n\r\n\r\nRelease date\r\n============\r\n\r\n2014-05-16\r\n\r\n\r\nDetails\r\n=======\r\n\r\n . SQL injection using POST parameters:\r\n\r\n URL: http://site/autenticar/lembrarlogin.asp\r\n TYPE: error-based\r\n PARAM: email\r\n PAYLOAD: email=xxx' AND (...)\r\n\r\n\r\nDisclosure Timeline\r\n===================\r\n\r\n2014-04-16: Vendor notification.\r\n2014-04-26: No response. Vendor notification again.\r\n2014-05-10: No response. Vendor notification again.\r\n2014-05-16: Public disclosure.\r\n\r\n\r\nContact\r\n=======\r\n\r\nThiago C.\r\nedge () bitmessage.ch\r\n\r\n", "published": "2014-06-14T00:00:00", "modified": "2014-06-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30868", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-3749"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:52", "edition": 1, "viewCount": 9, "enchantments": {"score": {"value": 5.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3749"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804455"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126659"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-3749"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804455"]}]}, "exploitation": null, "vulnersScore": 5.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647552764}}
{"packetstorm": [{"lastseen": "2016-12-05T22:13:16", "description": "", "cvss3": {}, "published": "2014-05-18T00:00:00", "type": "packetstorm", "title": "Construtiva CIS Manager SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-3749"], "modified": "2014-05-18T00:00:00", "id": "PACKETSTORM:126659", "href": "https://packetstormsecurity.com/files/126659/Construtiva-CIS-Manager-SQL-Injection.html", "sourceData": "`Construtiva CIS Manager CMS POST SQLi \n \nTL;DR; \n====== \n \n. PRODUCT : Construtiva CIS Manager \n. TYPE : SQLi http://site/autenticar/lembrarlogin.asp (POST email) \n. CVE : CVE-2014-3749 \n \n \nSoftware Description \n==================== \n \n. The CIS Manager platform is a complete and powerful tool to manage \nsites and corporative portals on the Internet. The platform components \nbring autonomy to your company to manage the content (structure, \ntexts, images, downloadable files, articles, news...) without the need \nof a developer. \n \n(...) \n \n \nRelease date \n============ \n \n2014-05-16 \n \n \nDetails \n======= \n \n. SQL injection using POST parameters: \n \nURL: http://site/autenticar/lembrarlogin.asp \nTYPE: error-based \nPARAM: email \nPAYLOAD: email=xxx' AND (...) \n \n \nDisclosure Timeline \n=================== \n \n2014-04-16: Vendor notification. \n2014-04-26: No response. Vendor notification again. \n2014-05-10: No response. Vendor notification again. \n2014-05-16: Public disclosure. \n \n \nContact \n======= \n \nThiago C. \nedge () bitmessage.ch \n \n \n \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/126659/construtivacismanager-sql.txt", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-05-08T19:04:42", "description": "This host is installed with CIS Manager and is prone to SQL injection\n vulnerability.", "cvss3": {}, "published": "2014-05-26T00:00:00", "type": "openvas", "title": "CIS Manager 'email' Parameter SQL Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3749"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310804455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804455", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CIS Manager 'email' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804455\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_cve_id(\"CVE-2014-3749\");\n script_bugtraq_id(67442);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-26 16:44:36 +0530 (Mon, 26 May 2014)\");\n script_name(\"CIS Manager 'email' Parameter SQL Injection Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with CIS Manager and is prone to SQL injection\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP GET request and check whether it is able to read\n SQL injection error.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the /autenticar/lembrarlogin.asp script not properly\n sanitizing user-supplied input to the 'email' parameter.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to inject or manipulate SQL\n queries in the back-end database, allowing for the manipulation or disclosure\n of arbitrary data.\");\n\n script_tag(name:\"affected\", value:\"CIS Manager CMS\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability.\nLikely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/93252\");\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2014/May/73\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nhttp_port = http_get_port(default:80);\nif( ! http_can_host_asp( port:http_port ) ) exit( 0 );\n\nforeach dir (make_list_unique(\"/\", \"/autenticar\", \"/cismanager\", \"/site\", \"/construtiva\", http_cgi_dirs(port:http_port)))\n{\n\n if(dir == \"/\") dir = \"\";\n\n rcvRes = http_get_cache(item:string(dir, \"/login.asp\"), port:http_port);\n\n if(rcvRes && rcvRes =~ \">Construtiva .*Internet Software\" ||\n \"http://www.construtiva.com.br/\" >< rcvRes)\n {\n if(http_vuln_check(port:http_port, url: dir + \"/lembrarlogin.asp?email='\",\n pattern:\"SQL Server.*>error.*'80040e14'\"))\n {\n\n security_message(port:http_port);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:00:06", "description": "SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.", "cvss3": {}, "published": "2014-05-20T14:55:00", "type": "cve", "title": "CVE-2014-3749", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3749"], "modified": "2018-10-09T19:47:00", "cpe": ["cpe:/a:construtiva:cis_manager_cms:-"], "id": "CVE-2014-3749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3749", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:construtiva:cis_manager_cms:-:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2021-06-08T18:45:19", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2014-06-14T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-3946", "CVE-2014-3781", "CVE-2014-2575", "CVE-2014-3945", "CVE-2014-2987", "CVE-2014-2303", "CVE-2014-3414", "CVE-2014-3947", "CVE-2014-2554", "CVE-2014-3948", "CVE-2014-3944", "CVE-2014-3137", "CVE-2014-3740", "CVE-2013-2251", "CVE-2014-3877", "CVE-2014-3446", "CVE-2014-3943", "CVE-2014-3941", "CVE-2014-3210", "CVE-2014-1402", "CVE-2014-0228", "CVE-2014-3415", "CVE-2014-0130", "CVE-2014-2577", "CVE-2014-3875", "CVE-2014-3942", "CVE-2014-3783", "CVE-2013-7106", "CVE-2014-2233", "CVE-2014-2843", "CVE-2014-3447", "CVE-2013-7107", "CVE-2014-3749", "CVE-2014-0081", "CVE-2014-2232", "CVE-2014-1855", "CVE-2014-1878", "CVE-2014-2302", "CVE-2014-0082", "CVE-2014-3876", "CVE-2014-2553", "CVE-2014-3782", "CVE-2014-2386", "CVE-2014-3966", "CVE-2013-5954", "CVE-2014-0107", "CVE-2014-3448", "CVE-2013-7108", "CVE-2014-2988", "CVE-2014-3445", "CVE-2014-3949"], "modified": "2014-06-14T00:00:00", "id": "SECURITYVULNS:VULN:13836", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13836", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
