Web application abuses : Nullam Blog Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900888

Categoría: Web application abuses

Título: Nullam Blog Multiple Vulnerabilities

Resumen: Nullam Blog is prone to multiple vulnerabilities.

Descripción: Summary:
Nullam Blog is prone to multiple vulnerabilities.

Vulnerability Insight:
- Input passed to the 'p' and 's' parameter in index.php is not properly
verified before being used to include files. This can be exploited to include arbitrary files from local resources.

- Input passed to the 'i' and 'v' parameter in index.php is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

- Input passed to the 'e' parameter in index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context
of an affected site.

Vulnerability Impact:
Successful exploitation will allow attacker to disclose sensitive information
and conduct cross-site scripting and SQL injection attacks.

Affected Software/OS:
Nullam Blog version prior to 0.1.3 on Linux.

Solution:
Upgrade to Nullam Blog version 0.1.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3664
Bugtraq: 20090909 Nullam Blog Multiple Remote Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/506380/100/0/threaded
http://www.exploit-db.com/exploits/9625
http://www.osvdb.org/57919
http://secunia.com/advisories/36648
XForce ISS Database: nullam-index-file-include(53217)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53217
Common Vulnerability Exposure (CVE) ID: CVE-2009-3665
http://www.osvdb.org/57920
XForce ISS Database: nullam-index-sql-injection(53218)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53218
Common Vulnerability Exposure (CVE) ID: CVE-2009-3666
http://www.osvdb.org/57921
XForce ISS Database: nullam-index-xss(53216)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53216

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900888
Categoría:	Web application abuses
Título:	Nullam Blog Multiple Vulnerabilities
Resumen:	Nullam Blog is prone to multiple vulnerabilities.
Descripción:	Summary: Nullam Blog is prone to multiple vulnerabilities. Vulnerability Insight: - Input passed to the 'p' and 's' parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. - Input passed to the 'i' and 'v' parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. - Input passed to the 'e' parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Vulnerability Impact: Successful exploitation will allow attacker to disclose sensitive information and conduct cross-site scripting and SQL injection attacks. Affected Software/OS: Nullam Blog version prior to 0.1.3 on Linux. Solution: Upgrade to Nullam Blog version 0.1.3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3664 Bugtraq: 20090909 Nullam Blog Multiple Remote Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/506380/100/0/threaded http://www.exploit-db.com/exploits/9625 http://www.osvdb.org/57919 http://secunia.com/advisories/36648 XForce ISS Database: nullam-index-file-include(53217) https://exchange.xforce.ibmcloud.com/vulnerabilities/53217 Common Vulnerability Exposure (CVE) ID: CVE-2009-3665 http://www.osvdb.org/57920 XForce ISS Database: nullam-index-sql-injection(53218) https://exchange.xforce.ibmcloud.com/vulnerabilities/53218 Common Vulnerability Exposure (CVE) ID: CVE-2009-3666 http://www.osvdb.org/57921 XForce ISS Database: nullam-index-xss(53216) https://exchange.xforce.ibmcloud.com/vulnerabilities/53216
Copyright	Copyright (C) 2009 Greenbone AG