Voxel Dot Net CBMS多个代码注入漏洞

24次阅读
没有评论

Voxel Dot Net CBMS多个代码注入漏洞

漏洞ID 1106768 漏洞类型 SQL注入
发布时间 2002-06-06 更新时间 2005-10-20
Voxel Dot Net CBMS多个代码注入漏洞CVE编号 CVE-2002-0961
Voxel Dot Net CBMS多个代码注入漏洞CNNVD-ID CNNVD-200210-035
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21517
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-035
|漏洞详情
VoxelDotNetCBMS0.7及其更早版本存在漏洞。远程攻击者可以像其他用户进行未认证操作,如借助dltclnt.php删除客户,该漏洞可能还会触发SQL注入攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/4957/info

It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.

These issues have been reported in version 0.7 of CBMS. Other versions may share these vulnerabilities, this has not however been confirmed.

dltclnt.php?choice=yes&idnum=clientid
|参考资料

来源:BID
名称:4957
链接:http://www.securityfocus.com/bid/4957
来源:XF
名称:cbms-php-sql-injection(9295)
链接:http://www.iss.net/security_center/static/9295.php
来源:BUGTRAQ
名称:20020606CBMS:XSSandSQLInjectionholes
链接:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html

相关推荐: PostNuke 漏洞

PostNuke 漏洞 漏洞ID 1199037 漏洞类型 未知 发布时间 2005-05-24 更新时间 2005-05-24 CVE编号 CVE-2005-1697 CNNVD-ID CNNVD-200505-1168 漏洞平台 N/A CVSS评分 5.…

正文完
 0