Web application abuses : Baby Gekko CMS Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804856

Categoría: Web application abuses

Título: Baby Gekko CMS Multiple Vulnerabilities

Resumen: Baby Gekko CMS is prone to multiple vulnerabilities.

Descripción: Summary:
Baby Gekko CMS is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple errors exist due to:

- Insufficient validation of input passed via the 'keyword', 'query' and 'id'
parameters to /admin/index.php script.

- Insufficient validation of input passed via the 'app' parameter to index.php
script.

- Insufficient validation of input passed via the 'username' and 'password'
HTTP POST parameters to the index.php script.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to inject or manipulate SQL queries in the back-end database and
execute arbitrary HTML and script code in a user's browser session in the
context of an affected site.

Affected Software/OS:
Baby Gekko CMS before version 1.2.2f

Solution:
Upgrade to 1.2.2f, 1.2.4, or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-5698
http://www.securityfocus.com/bid/56523
https://exchange.xforce.ibmcloud.com/vulnerabilities/80085
Common Vulnerability Exposure (CVE) ID: CVE-2012-5699
https://exchange.xforce.ibmcloud.com/vulnerabilities/80086
Common Vulnerability Exposure (CVE) ID: CVE-2012-5700
BugTraq ID: 56523
http://www.exploit-db.com/exploits/22741
https://www.htbridge.com/advisory/HTB23122
http://secunia.com/advisories/51260
XForce ISS Database: babygekko-multiple-xss(80087)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80087

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804856
Categoría:	Web application abuses
Título:	Baby Gekko CMS Multiple Vulnerabilities
Resumen:	Baby Gekko CMS is prone to multiple vulnerabilities.
Descripción:	Summary: Baby Gekko CMS is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist due to: - Insufficient validation of input passed via the 'keyword', 'query' and 'id' parameters to /admin/index.php script. - Insufficient validation of input passed via the 'app' parameter to index.php script. - Insufficient validation of input passed via the 'username' and 'password' HTTP POST parameters to the index.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database and execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Baby Gekko CMS before version 1.2.2f Solution: Upgrade to 1.2.2f, 1.2.4, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5698 http://www.securityfocus.com/bid/56523 https://exchange.xforce.ibmcloud.com/vulnerabilities/80085 Common Vulnerability Exposure (CVE) ID: CVE-2012-5699 https://exchange.xforce.ibmcloud.com/vulnerabilities/80086 Common Vulnerability Exposure (CVE) ID: CVE-2012-5700 BugTraq ID: 56523 http://www.exploit-db.com/exploits/22741 https://www.htbridge.com/advisory/HTB23122 http://secunia.com/advisories/51260 XForce ISS Database: babygekko-multiple-xss(80087) https://exchange.xforce.ibmcloud.com/vulnerabilities/80087
Copyright	Copyright (C) 2014 Greenbone AG