Voxel Dot Net CBMS多个代码注入漏洞

Voxel Dot Net CBMS多个代码注入漏洞

漏洞ID 1106768 漏洞类型 SQL注入
发布时间 2002-06-06 更新时间 2005-10-20
图片[1]-Voxel Dot Net CBMS多个代码注入漏洞-安全小百科CVE编号 CVE-2002-0961
图片[2]-Voxel Dot Net CBMS多个代码注入漏洞-安全小百科CNNVD-ID CNNVD-200210-035
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21517
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-035
|漏洞详情
VoxelDotNetCBMS0.7及其更早版本存在漏洞。远程攻击者可以像其他用户进行未认证操作,如借助dltclnt.php删除客户,该漏洞可能还会触发SQL注入攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/4957/info

It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.

These issues have been reported in version 0.7 of CBMS. Other versions may share these vulnerabilities, this has not however been confirmed.

dltclnt.php?choice=yes&idnum=clientid
|参考资料

来源:BID
名称:4957
链接:http://www.securityfocus.com/bid/4957
来源:XF
名称:cbms-php-sql-injection(9295)
链接:http://www.iss.net/security_center/static/9295.php
来源:BUGTRAQ
名称:20020606CBMS:XSSandSQLInjectionholes
链接:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html

相关推荐: PostNuke 漏洞

PostNuke 漏洞 漏洞ID 1199037 漏洞类型 未知 发布时间 2005-05-24 更新时间 2005-05-24 CVE编号 CVE-2005-1697 CNNVD-ID CNNVD-200505-1168 漏洞平台 N/A CVSS评分 5.…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享