Summary
Demium CMS is prone to multiple local file-include vulnerabilities and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks.
The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Demium CMS 0.2.1 Beta is vulnerable
other versions may also be affected.
Severity
Classification
-
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability