ArticleFR CMS is installed on the host and is prone to multiple vulnerabilities.
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application
No solution or patch is available as of 28th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://freereprintables.com
Input passed via the 'username' parameter to register and the 'q' parameter to search/v/ is not properly sanitised before being returned to the user.
ArticleFR CMS version 3.0.5. Prior versions may also be affected.
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.