Viscacha Forum CMS v0.8.1.1 - Multiple Web Vulnerabilities

Title:
======
Viscacha Forum CMS v0.8.1.1 - Multiple Web Vulnerabilities

Introduction:
=============
Viscacha is a free bulletin board system with an integrated CMS. The intention of the software engineers 
is to combine the current standards with new and user friendly features. The system supports packages for 
easily extending the core system.  Viscacha is a free bulletin board system with an integrated content 
management system. The intention of the software engineers is to combine the current standards with new 
and user friendly features. The system supports packages (plugins and components) for easily extending the 
core system. Viscacha uses an database abstraction layer to support as many databases as possible. With 
this software you can easily set up a complete (personal) homepage. The CMS extends the bulletin board 
system to have a homepage which is connected to the community.

(Copy of the vendor Homepage: http://www.viscacha.org )

Details:
========
1.1
A remote SQL Injection vulnerability (POST) is detected in Viscacha Bulletin Board CMS v0.8.1.1.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands 
on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.
The vulnerability is located on the bbcode module of the forum application.

Vulnerable Module(s):
				[+] BBCode - Tags & BB-Code | Change or Example


--- SQL Exception Logs ---
Fatal error: DB ERROR 1064: You have an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near ` at line 1
File: /home/opencms/public_html/demo/viscacha/admin/bbcodes.php on line 1164
Query: SELECT * FROM v_bbcode WHERE bbcodetag = `sd`AND twoparams = `0`AND in 
/home/server/public_html/cms/viscacha/classes/database/mysql.inc.php on line 151 


Fatal error: DB ERROR 1064: You have an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near ` at line 1
File: /home/server/public_html/cms/viscacha/admin/bbcodes.php on line 1164
Query: SELECT * FROM v_bbcode WHERE bbcodetag = `sd` AND twoparams = `0` AND in 
/home/opencms/public_html/demo/viscacha/classes/database/mysql.inc.php on line 151 

Fatal error: DB ERROR 1064: You have an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near` at line 1
File: /home/server/public_html/cms/viscacha/admin/bbcodes.php on line 1164
Query: SELECT * FROM v_bbcode WHERE bbcodetag = `-1`AND twoparams = `0` AND in 
/home/server/public_html/cms/viscacha/classes/database/mysql.inc.php on line 151 

1.2
Multiple persistent input validation vulnerabilities is detected in Viscacha Bulletin Board CMS v0.8.1.1.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin/user) or stable (persistent) 
context manipulation. Exploitation requires low user inter action.


Vulnerable Module(s):
				[+] Private Messages System - Text Input Field
				[+] Zensur - Bad Word Input Field
				[+] Kommentar - Portal Input Field Text & Topic



#  0day.today [2017-12-31]  #