Friday, November 16, 2012

HTB23122: BabyGekko multiple vulnerabilities

BabyGekko CMS

BabyGekko CMS v.1.2.2e suffers from SQL injection, PHP file inclusion, and cross-site scripting vulnerabilities.

  • SQL Injections in Baby Gekko:
    The vulnerability exists due to insufficient validation of input passed via the "keyword" and "query" parameters to the "admin/index.php" script. In the first case, the "app" parameter must be set to "users". These vulnerabilities can be exploited by a non-authenticated malicious user via a CSRF vector.

  • Local File Inclusion
    The vulnerability exists due to insufficient validation of input passed via the "app" parameter to the "index.php" script. A remote attacker can include arbitrary files from the local system using directory traversal sequences with a NULL byte.

  • Cross-site scripting (XSS)
    Input passed via the "id" parameter to "/admin/index.php" and via the "username" and "password" HTTP POST parameters to "index.php" is not properly sanitized. This can be used to inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
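
Requests matching the Local File Inclusion item above (an "app" value carrying directory traversal sequences or a NULL byte) can be looked for in web server access logs. The following Python is an added example, not code from the advisory or from BabyGekko; the log lines are constructed, and the Apache-style log format and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Nov/2012:10:00:01 +0000] "GET /index.php?app=blog HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Nov/2012:10:00:07 +0000] "GET /index.php?app=..%2f..%2fsome%2ffile%00 HTTP/1.1" 200 912',
    '203.0.113.9 - - [16/Nov/2012:10:00:09 +0000] "GET /index.php?app=%252e%252e%252fconfig%2500 HTTP/1.1" 200 912',
    '198.51.100.2 - - [16/Nov/2012:10:01:13 +0000] "GET /admin/index.php?app=users&keyword=bob HTTP/1.1" 200 2048',
    '198.51.100.7 - - [16/Nov/2012:10:02:00 +0000] "GET /index.php?page=..%2fx HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded input is normalised.
    Conservative on purpose: it also flags values a single decode would not."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_app_value(raw):
    """Return the reasons an 'app' value looks like a file-inclusion attempt."""
    value = fully_decode(raw)
    reasons = set()
    if "\x00" in value:
        reasons.add("null-byte")
    if TRAVERSAL_RE.search(value):
        reasons.add("traversal")
    return reasons

def scan(lines):
    """Return [(line_number, sorted reasons)] for suspicious 'app' parameters
    on requests to any index.php."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("index.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("app", []):
            reasons = classify_app_value(raw)
            if reasons:
                hits.append((number, sorted(reasons)))
    return hits
```

Only GET query strings are inspected here; values sent in POST bodies do not appear in a standard access log and need request-body logging or a WAF to observe.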

These vulnerabilities are fixed in BabyGekko 1.2.2f.

More information about these issues, with PoCs and an attack scenario, can be found on this page: High-Tech Bridge Advisory HTB23122 - Multiple vulnerabilities in BabyGekko.
