Jojo CMS Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with Jojo CMS and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary SQL commands and execute arbitrary HTML and script code in a user's browser session in the context of an affected website. Impact Level: Application

Solution

Update to Jojo CMS 1.2.2 or later, For updates refer to http://www.jojocms.org

Insight

Multiple flaws due to, - An insufficient filtration of user-supplied input passed to the 'X-Forwarded-For' HTTP header in '/articles/test/' URI. - An insufficient filtration of user-supplied data passed to 'search' HTTP POST parameter in '/forgot-password/' URI.

Affected

Jojo CMS version 1.2 and prior

References

http://secunia.com/advisories/53418
http://www.osvdb.org/93437
http://www.osvdb.org/93438
https://www.htbridge.com/advisory/HTB23153

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-3081, CVE-2013-3082
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
Adobe ColdFusion Authentication Bypass Vulnerability
Apache Tomcat AJP Protocol Security Bypass Vulnerability
ASP Inline Corporate Calendar SQL injection
Artmedic Kleinanzeigen File Inclusion Vulnerability

Take action and discover your vulnerabilities