Wednesday, May 15, 2013

HTB23153: Jojo CMS multiple vulnerabilities

High-Tech Bridge Security Research Lab discovered multiple security issues in Jojo CMS that can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks.

SQL Injection in Jojo CMS: CVE-2013-3081

The vulnerability is caused by insufficient filtering of user-supplied input passed in the "X-Forwarded-For" HTTP header to the "/articles/test/" URI. A remote unauthenticated attacker can send a specially crafted HTTP request and execute arbitrary SQL commands in the application's database.

Successful exploitation of the SQLi requires that the "jojo comments" plugin is enabled (it is disabled by default).
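For sites that cannot upgrade immediately, one way to check access logs for abuse of this header (an added example, not code from the advisory or from Jojo CMS): flag requests whose X-Forwarded-For value is anything other than a comma-separated list of IP addresses. The log layout, the `/articles/` path filter and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed log layout (not from the advisory): combined-style access log with
# the X-Forwarded-For request header appended as a final quoted field.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<xff>(?:[^"\\]|\\.)*)"$'
)

def xff_is_well_formed(value):
    """True if the header is absent ('' or '-') or a comma-separated IP list."""
    if value in ("", "-"):
        return True
    for part in value.split(","):
        try:
            ipaddress.ip_address(part.strip())
        except ValueError:
            return False
    return True

def suspicious_requests(lines, path_prefix="/articles/"):
    """Return (peer, path, xff) for requests under path_prefix whose
    X-Forwarded-For value is not a plain list of IP addresses."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(path_prefix):
            continue
        if not xff_is_well_formed(m["xff"]):
            hits.append((m["peer"], m["path"], m["xff"]))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/May/2013:10:00:01 +0000] "GET /articles/test/ HTTP/1.1" 200 5120 "203.0.113.9, 10.0.0.4"',
    '198.51.100.8 - - [15/May/2013:10:00:02 +0000] "GET /articles/test/ HTTP/1.1" 200 5120 "-"',
    '198.51.100.9 - - [15/May/2013:10:00:03 +0000] "POST /articles/test/ HTTP/1.1" 500 310 "203.0.113.5\' OR \'1\'=\'1"',
    '198.51.100.9 - - [15/May/2013:10:00:04 +0000] "GET /contact/ HTTP/1.1" 200 900 "not-an-ip"',
]

if __name__ == "__main__":
    for peer, path, xff in suspicious_requests(SAMPLE_LOG):
        print(f"{peer} {path} X-Forwarded-For={xff!r}")
```

Passing `path_prefix="/"` widens the check to every logged request, which is useful because a malformed X-Forwarded-For value is anomalous on any path.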

Cross-Site Scripting (XSS) in Jojo CMS: CVE-2013-3082

The vulnerability exists due to insufficient filtering of user-supplied data passed in the "search" HTTP POST parameter to the "/forgot-password/" URI. A remote attacker can trick a user into opening a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

A Proof-of-Concept (PoC) is also provided in the advisory.

Solution:
Fixed by the vendor. Upgrade Jojo CMS to version 1.2.2.

References:
[1] High-Tech Bridge Advisory HTB23153: Multiple vulnerabilities in Jojo CMS
[2] Jojo CMS - Jojo is a PHP-based free CMS for web developers wanting to build good websites.
