Vulners
Lucene search
QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
Title:
======
QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
Introduction:
=============
QuickBlog est un gestionnaire de weblog ecrit en PHP4 compatible PHP5 et MySQL compatible MySQLi multi utilisateur multi
langue multi theme Il est tres simple et tres lege Il utilise un editeur WYSIWYG TinyMCE avec possibilite d annexe
(Copy of the Vendor Homepage: http://www.comscripts.com/scripts/php.quickblog.2256.html )
Details:
========
1.1
Multiple remote SQL Injection vulnerabilities are detected in QuickBlog v0.8 CMS. The vulnerability
allows an attacker (remote) or local low privileged user account to inject/execute own sql commands on the
affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.
The vulnerabilities are located on the application post requests of gestionpost & fct_affiche.inc.
Vulnerable Module(s):
[+] admin/gestionpost.php
[+] include/fct_affiche.inc.php
1.2
Multiple persistent input validation vulnerabilities are detected in QuickBlog v0.8 CMS. The bugs allow
remote attackers to implement/inject malicious script code on the application side (persistent). Successful
exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context
manipulation. Exploitation requires low user inter action & privileged user account.
Vulnerable Module(s):
[+] recherche.php
[+] commentaire/form.php
[+] admin/samplemodifieddata.php
[+] admin/sampleposteddata.php
Solution:
=========
In file: admin/gestionpost.php
In lines 85 - 89:
if(isset($_GET[`page`]))
{
$page = $_GET[`page`];
$page = $page - 1;
}
edit:
if(isset($_GET[`page`]))
{
$page = (int)$_GET[`page`];
}
In file: include/fct_affiche.inc.php
In lines 56 - 59:
if(isset($_GET[`page`]))
{
$page = $_GET[`page`];
$page = $page - 1;
}
edit:
if(isset($_GET[`page`]))
{
$page = (int)$_GET[`page`];
}
In file: recherche.php
In lines 52 - 55:
if (isset($_POST[``search``]))
{
$mot = $_POST[``search``];
}
edit:
if (isset($_POST[``search``]))
{
$mot = htmlspecialchars(strip_tags($_POST[``search``]));
}
In file: commentaire/form.php
In lines 41:
$nom=$_POST[``nom``];
edit:
$nom= htmlspecialchars(strip_tags($_POST[``nom``]));
In file: admin/samplemodifieddata.php
In lines 47:
$titre = $_POST[``title``];
edit:
$titre = htmlspecialchars(strip_tags($_POST[``title``]));
In file: admin/sampleposteddata.php
In lines 38:
$titre = $_POST[``title``];
edit:
$titre = htmlspecialchars(strip_tags($_POST[``title``]));
# 0day.today [2018-01-03] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 May 2012 00:00Current
7.1High risk
Vulners AI Score7.1