oss-sec mailing list archives

CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities


From: Steffen Rösemann <steffen.roesemann1986 () gmail com>
Date: Tue, 6 Jan 2015 22:48:02 +0100

Hello Josh, Steve, vendors, list.

I found two SQL injection vulnerabilities and a reflecting XSS
vulnerability in the content management system Sefrengo v. 1.6.0.

They all reside in the administrative backend of the CMS in the following
paths of a common installation:

SQL injection vulnerabilities:

http://{TARGET}/backend/main.php?area=con_configcat&idcat=1&idtplconf=0
http://{TARGET}/backend/main.php?area=plug&idclient=1

XSS vulnerability:

http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1

The SQL injection vulnerabilities can be exploited via the parameters
"idcat" and "idclient". The XSS vulnerability can be exploited via the
parameter "searchterm".

Could you please assign a CVE-ID / CVE-IDs for it?

Thank you!

Greetings

Steffen Rösemann

References:

[1] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-06.html
[2] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html
[3] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-04.html
[4] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html
[5] http://forum.sefrengo.org/index.php?showtopic=3360
[6] https://github.com/sefrengo-cms/sefrengo-1.x/commit/ed3ad864b8d36499402e981301d95074e583ac04
[7] http://seclists.org/fulldisclosure/2015/Jan/9
[8] http://seclists.org/fulldisclosure/2015/Jan/10
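
For defenders running an affected installation, one way to review web server access logs for unexpected values in the three parameters named in the report. This is an added example, not part of the original post and not Sefrengo's code. The log format, the sample lines, and the rules that ids are plain integers and search terms carry no markup or quotes are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# area -> (parameter named in the report, pattern a benign value must fully match).
# Assumptions: ids are plain integers; search terms need no markup or quotes.
RULES = {
    "con_configcat": ("idcat", re.compile(r"\d*")),
    "plug": ("idclient", re.compile(r"\d*")),
    "user": ("searchterm", re.compile(r"[^<>\"'`]*")),
}

def check_line(line):
    """Return (area, parameter, decoded value) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/backend/main.php"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
    findings = []
    for area in (a for a in query.get("area", []) if a in RULES):
        param, benign = RULES[area]
        for value in query.get(param, []):
            if not benign.fullmatch(value):
                findings.append((area, param, value))
    return findings

def scan(lines):
    """Yield (line number, finding) for every suspicious parameter value."""
    for number, line in enumerate(lines, 1):
        for finding in check_line(line):
            yield number, finding

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/2015:10:00:01 +0100] "GET /backend/main.php?area=con_configcat&idcat=1&idtplconf=0 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Jan/2015:10:00:09 +0100] "GET /backend/main.php?area=con_configcat&idcat=1%27&idtplconf=0 HTTP/1.1" 200 312',
    '192.0.2.44 - - [06/Jan/2015:10:00:15 +0100] "GET /backend/main.php?area=plug&idclient=1+x HTTP/1.1" 200 298',
    '192.0.2.44 - - [06/Jan/2015:10:00:21 +0100] "GET /backend/main.php?area=user&idgroup=0&searchterm=%3Cb%3Ex&page=1 HTTP/1.1" 200 4410',
    '192.0.2.10 - - [06/Jan/2015:10:00:30 +0100] "GET /backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1 HTTP/1.1" 200 4402',
]

if __name__ == "__main__":
    for number, (area, param, value) in scan(SAMPLE_LOG):
        print(f"line {number}: area={area} {param}={value!r}")
```

Access logs normally record only the query string, so values sent in a POST body are not covered by this check.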
