NCM Content Management System Input Validation Vulnerability

ID SSV:74614
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources.

A problem with the Content Management System could make it possible for a user to execute arbitrary SQL queries. Due to improper checking of input by the script, it may be possible to execute queries on tables within the database using the greater than and less than signs. This problem is in combination with the production version of the software package displaying information about the database upon receiving an invalid query, usual generated from a correct URL appended with an additional character.

Therefore, it is possible for a remote user to execute arbitrary SQL queries using the < and > signs, as well as gain more information by appending erroneous characters to the end of valid URLs.