Thursday, April 5, 2012

HTB23081: osCMax multiple vulnerabilities

osCMax version 2.5.0 suffers from multiple cross-site scripting (XSS) and SQL injection vulnerabilities:
1. Cross-site scripting (XSS): input passed via the following parameters is not properly sanitised before being returned to the user:
   - "username" POST parameter to "admin/login.php"
   - "pageTitle" GET parameter to "admin/new_attributes_include.php"
   - "sb_id", "sb_key", "gc_id", "gc_key" and "path" POST parameters to "admin/htaccess.php"
   - "title" GET parameter to "admin/information_form.php"
   - "search" GET parameter to "admin/xsell.php"
   - "gross" and "max" GET parameters to "admin/stats_products_purchased.php"
   - "status" GET parameter to "admin/stats_monthly_sales.php"
   - "sorted" GET parameter to "admin/stats_customers.php"
   - "information_id" GET parameter to "admin/information_manager.php"
   - "zID" GET parameter to "admin/geo_zones.php"
   - "current_product_id" and "cPath" GET parameters to "admin/new_attributes_include.php"
2. SQL injection: input passed via the following parameters is not properly sanitised before being used in an SQL query:
   - "status" GET parameter to "admin/stats_monthly_sales.php"
   - "country" POST parameter to "admin/create_account_process.php"
   - "username" POST parameter to "admin/login.php"
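The "username" parameter of "admin/login.php" appears in both lists above: the same unsanitised value reaches an SQL query and is reflected back into the page. The following is an added illustration of that double defect and its remediation; it is not osCMax code, and the table name "administrators", the column names and the response strings are assumptions.

```php
<?php
// Added example, not osCMax code. A minimal login handler written two ways:
// the pattern the advisory describes (raw parameter concatenated into SQL and
// echoed into HTML) and a hardened version. Table/column names are assumptions.

// --- Pattern described in the advisory (shown for comparison only) ---
function login_vulnerable(mysqli $db, array $post): string
{
    $username = $post['username'] ?? '';
    // Unparameterised query: the raw value becomes part of the SQL text.
    $sql = "SELECT id, password_hash FROM administrators WHERE user_name = '$username'";
    $result = $db->query($sql);
    if ($result && $result->num_rows === 1) {
        return 'Welcome';
    }
    // Reflected without encoding: the raw value becomes part of the HTML.
    return "Login failed for user $username";
}

// --- Hardened version ---
function login_hardened(mysqli $db, array $post): string
{
    $username = (string)($post['username'] ?? '');
    $password = (string)($post['password'] ?? '');

    // Bound parameter: the value is sent separately from the query text,
    // so it can never alter the query structure.
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM administrators WHERE user_name = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    if ($row !== null && password_verify($password, $row['password_hash'])) {
        return 'Welcome';
    }

    // Output encoding for the HTML body context before the value re-enters the page.
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "Login failed for user $safe";
}
```

The encoding step is context-specific: a value placed inside a JavaScript block or an attribute needs the encoder for that context, and the simplest fix for an error message is often to not reflect the submitted value at all.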

Vulnerability ID: HTB23081
Vendor Notification / Patch / Public Disclosure Dates: 14 March / 30 March / 4 April
Vulnerabilities Type: Cross-Site Scripting (XSS), SQL Injection
Solution Status: Fixed by Vendor
Risk level: High
Solution: Upgrade to osCMax v2.5.1 or later version
