Web application abuses : Joomla! ArtForms Component Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902219

Categoría: Web application abuses

Título: Joomla! ArtForms Component Multiple Vulnerabilities

Resumen: Joomla is prone to multiple vulnerabilities.

Descripción: Summary:
Joomla is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- Error in the 'ArtForms' (com_artforms) component, allows remote attackers to inject arbitrary
web script or HTML via the 'afmsg' parameter to 'index.php'.

- Directory traversal error in 'assets/captcha/includes/alikon/playcode.php' in the InterJoomla
'ArtForms' (com_artforms) component, allows remote attackers to read arbitrary files via a .. (dot
dot) in the 'l' parameter.

- Multiple SQL injection errors in the 'ArtForms' (com_artforms) component, allows remote
attackers to execute arbitrary SQL commands via the 'viewform' parameter in a 'ferforms' and
'tferforms' action to 'index.php', and the 'id' parameter in a 'vferforms' action to 'index.php'.

Vulnerability Impact:
Successful exploitation will allow attackers to insert arbitrary
HTML or to execute arbitrary SQL commands or to read arbitrary files.

Affected Software/OS:
Joomla ArtForms version 2.1b7.2 RC2 and prior.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2846
BugTraq ID: 41457
http://www.securityfocus.com/bid/41457
Bugtraq: 20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/512215/100/0/threaded
http://www.exploit-db.com/exploits/14263
http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt
XForce ISS Database: artforms-index-xss(60162)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60162
Common Vulnerability Exposure (CVE) ID: CVE-2010-2848
XForce ISS Database: artforms-playcode-dir-traversal(60161)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60161
Common Vulnerability Exposure (CVE) ID: CVE-2010-2847
XForce ISS Database: artforms-index-sql-injection(60160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60160

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902219
Categoría:	Web application abuses
Título:	Joomla! ArtForms Component Multiple Vulnerabilities
Resumen:	Joomla is prone to multiple vulnerabilities.
Descripción:	Summary: Joomla is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - Error in the 'ArtForms' (com_artforms) component, allows remote attackers to inject arbitrary web script or HTML via the 'afmsg' parameter to 'index.php'. - Directory traversal error in 'assets/captcha/includes/alikon/playcode.php' in the InterJoomla 'ArtForms' (com_artforms) component, allows remote attackers to read arbitrary files via a .. (dot dot) in the 'l' parameter. - Multiple SQL injection errors in the 'ArtForms' (com_artforms) component, allows remote attackers to execute arbitrary SQL commands via the 'viewform' parameter in a 'ferforms' and 'tferforms' action to 'index.php', and the 'id' parameter in a 'vferforms' action to 'index.php'. Vulnerability Impact: Successful exploitation will allow attackers to insert arbitrary HTML or to execute arbitrary SQL commands or to read arbitrary files. Affected Software/OS: Joomla ArtForms version 2.1b7.2 RC2 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2846 BugTraq ID: 41457 http://www.securityfocus.com/bid/41457 Bugtraq: 20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt XForce ISS Database: artforms-index-xss(60162) https://exchange.xforce.ibmcloud.com/vulnerabilities/60162 Common Vulnerability Exposure (CVE) ID: CVE-2010-2848 XForce ISS Database: artforms-playcode-dir-traversal(60161) https://exchange.xforce.ibmcloud.com/vulnerabilities/60161 Common Vulnerability Exposure (CVE) ID: CVE-2010-2847 XForce ISS Database: artforms-index-sql-injection(60160) https://exchange.xforce.ibmcloud.com/vulnerabilities/60160
Copyright	Copyright (C) 2010 Greenbone AG