EliteCMS Multiple Vulnerabilities Network Vulnerability

Summary

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to steal cookie information, execute arbitrary client-side scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and launch other attacks. These issues affect eliteCMS 1.01 other versions may also be affected.

References

http://www.securityfocus.com/bid/30990
http://www.securityfocus.com/bid/35155
http://xforce.iss.net/xforce/xfdb/50869

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4046
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aflog Cookie-Based Authentication Bypass Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
AudiStat multiple vulnerabilities
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
artmedic_links5 File Inclusion Vulnerability

eliteCMS multiple Vulnerabilities

Take action and discover your vulnerabilities