Demium CMS Multiple Local File Include And SQL Injection Vulnerabilities Network Vulnerability

Summary

Demium CMS is prone to multiple local file-include vulnerabilities and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Demium CMS 0.2.1 Beta is vulnerable other versions may also be affected.

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat source.jsp malformed request information disclosure
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
Apache Archiva Home Page Cross-Site Scripting vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability

Demium CMS Multiple Local File Include and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities