![jCore](http://jcore.net/template/images/logo.png)
jCore, a free and open source content management system (CMS), version 1.0pre, suffers from SQL injection and XSS vulnerabilities.
The vulnerabilities were discovered by High-Tech Bridge Security Research Lab and published on its advisory page:
High-Tech Bridge Advisory HTB23107 - Multiple vulnerabilities in jCore.
SQL injection: input passed via the "memberloginid" COOKIE parameter to "admin/index.php" is not properly sanitised before being used in an SQL query.
XSS: input passed via the "path" GET parameter to /admin/index.php is not properly sanitised before being returned to the user.
Solution: upgrade to the latest release.
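
The two input-handling fixes implied by the descriptions above, as an added example that is not jCore's code or part of the advisory: a parameterised lookup for the "memberloginid" cookie value and HTML encoding for the "path" parameter. The `members` table, its columns, and both function names are hypothetical, and the request values are constructed.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical schema and helper names, not jCore's code.

// Look up a member by the value of the "memberloginid" cookie.
// The value is bound as a parameter, so it is never parsed as SQL.
function findMemberByLoginId(PDO $db, string $loginId): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM members WHERE login_id = :lid');
    $stmt->execute([':lid' => $loginId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode the "path" GET parameter before echoing it into HTML text
// or a quoted attribute value.
function encodePathForHtml(string $path): string
{
    return htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, login_id TEXT)');
$db->exec("INSERT INTO members (name, login_id) VALUES ('admin', 'a1b2c3')");

// Constructed cookie values standing in for $_COOKIE['memberloginid']:
// one legitimate, one carrying SQL metacharacters.
$cookies = ['a1b2c3', "x' OR '1'='1"];
foreach ($cookies as $cookie) {
    $member = findMemberByLoginId($db, $cookie);
    echo json_encode($cookie), ' => ', $member ? $member['name'] : 'no match', PHP_EOL;
}

// Constructed value standing in for $_GET['path'], containing markup.
$path = '"><b>test</b>';
echo encodePathForHtml($path), PHP_EOL;
```

The second cookie value is compared as a literal string and matches no row, and the markup in the path value is emitted as entities instead of being rendered.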