Summary
The host is installed with ArticleFR CMS
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
attackers to inject or manipulate SQL queries in the back-end database and execute arbitrary HTML and script code in a users browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of
28th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer http://freereprintables.com
Insight
Input passed via the 'username' parameter
to register and 'q' parameter to search/v/ is not properly sanitised before being returned to the user.
Affected
ArticleFR CMS version 3.0.5, Prior
versions may also be affected.
Detection
Send a crafted data via HTTP GET request
and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2015-1363, CVE-2015-1364 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ApPHP MicroBlog Remote Code Execution Vulnerability
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities