Thursday, October 25, 2012

HTB23113: Subrion CMS multiple vulnerabilities

Subrion CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Subrion CMS version 2.2.1 which can be exploited to perform Cross-Site Scripting (XSS), SQL Injection and Cross-Site Request Forgery (CSRF) attacks.

  • SQL Injection in Subrion CMS:
    Input passed via the "plan_id" POST parameter to the "/register/" URL (rewritten by mod_rewrite to the "system.php" script) is not properly sanitised before being used in an SQL query.

  • Cross-Site Scripting (XSS) in Subrion CMS:
    Input passed via the "f[accounts][fullname]" and "f[accounts][username]" GET parameters to the "/advsearch/" URL (rewritten by mod_rewrite to the "system.php" script), and via the "id" and "group" GET parameters to multiple files, is not properly sanitised before being returned to the user.

  • Cross-Site Request Forgery (CSRF) in Subrion CMS:
    It is possible to create an administrative account within the application via a forged request.
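
As an added illustration (this is not Subrion's code and does not come from the advisory), the hypothetical PHP below shows the unsafe shape of each of the three issue classes listed above beside a corrected form: a bound, type-checked parameter instead of string-built SQL; output encoding before a GET value is echoed back; and a per-session token that a state-changing request must carry. Table, column, function and session-key names are assumptions chosen only to mirror the advisory's parameter names.

```php
<?php
// Added, hypothetical example: defensive patterns for the three vulnerability
// classes named in the advisory. Not Subrion code; the table "plans", the
// session key "csrf_token" and all function names are assumptions.
declare(strict_types=1);

// --- 1. SQL injection: bind the value, never interpolate it --------------
// Unsafe shape (POST value concatenated into the query text):
//   $sql = "SELECT * FROM plans WHERE id = " . $_POST['plan_id'];
// Corrected: reject anything that is not a positive integer, then bind it.
function fetchPlan(PDO $db, $rawPlanId): ?array
{
    $planId = filter_var($rawPlanId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($planId === false) {
        return null; // invalid input never reaches the database
    }
    $stmt = $db->prepare('SELECT id, name FROM plans WHERE id = :id');
    $stmt->bindValue(':id', $planId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- 2. Reflected XSS: encode for the HTML context at the point of output
// Unsafe shape (GET value echoed straight into an attribute):
//   echo '<input value="' . $_GET['f']['accounts']['fullname'] . '">';
function htmlAttr(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the value is inert inside a
    // single- or double-quoted attribute; UTF-8 avoids charset tricks.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSearchField(array $get): string
{
    $raw = $get['f']['accounts']['fullname'] ?? '';
    $fullname = is_string($raw) ? $raw : ''; // an array here would be an abuse, not a name
    return '<input name="f[accounts][fullname]" value="' . htmlAttr($fullname) . '">';
}

// --- 3. CSRF: tie state-changing requests to a per-session secret -------
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrfTokenIsValid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time, so the token is not leaked via timing.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Account creation refuses any request that is not a POST carrying a valid
// token, so a form submitted from another site cannot create an administrator.
function handleCreateAccount(string $method, array $session, array $post): string
{
    if ($method !== 'POST' || !csrfTokenIsValid($session, $post)) {
        http_response_code(403);
        return 'Request rejected: missing or invalid CSRF token.';
    }
    // ... proceed with validated account creation (omitted) ...
    return 'Account created.';
}
```

The token in part 3 must also be embedded as a hidden field in the form that creates accounts (via csrfToken()) so that legitimate submissions carry it; the server-side check alone only becomes effective once every state-changing form includes it.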

Proof of concept (PoC) examples are available on the original advisory page: HTB23113 - Multiple vulnerabilities in Subrion CMS.
