Fortibus CMS Input Validation Flaws Let Remote Users Injection SQL Commands
|
|
SecurityTracker Alert ID: 1014242
|
|
SecurityTracker URL: http://securitytracker.com/id?1014242
|
|
CVE Reference: CVE-2005-2037
, CVE-2005-2038
(Links to External Site)
|
Updated: Jul 17 2008
|
Original Entry Date: Jun 20 2005
|
Impact: Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 4.0.0
|
Description: Tamer Mohamed Hassan from eHosting DataFort reported several vulnerabilities in Fortibus CMS. A remote user can inject SQL commands. A remote user can also modify a target user's account information.
The 'logon.asp' script does not properly validate user-supplied input. A remote user can supply specially crafted parameter values
to execute SQL commands on the underlying database.
The 'WeeklyNotesDisplay.asp' script and the search page script are also affected.
A
remote authenticated user can exploit a flaw in the 'My info' page to modify a target user's account information, including the
administrative user. This can be exploited to reset the target user's password.
The vendor was notified on May 30, 2005.
|
Impact: A remote user can execute SQL commands on the underlying database.
A remote authenticated user can modify a target user's information, including resetting the password.
|
Solution: The vendor has provided a patch to customers and will include the fix in the next release.
|
Vendor URL: www.fortibus-inc.com/ (Links to External Site)
|
Cause: Access control error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: "Tamer Hassan" <Tamer.Hassan@ehdf.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 20 Jun 2005 08:20:57 +0400
From: "Tamer Hassan" <Tamer.Hassan@ehdf.com>
Subject: Fortibus CMS v4.0.0 Have Multiple Vulnerabilities
|
vendor description:
Fortibus CMS is a full-featured, powerful, yet easy to use Content Management System.
The purpose of using Fortibus CMS is to simplify the process of creating a
feature-rich, interactive web site. Best of all, Fortibus CMS doesn't take a team of
technical staff to install and support.
vulnerabilty overview:
1- input validation vulnerability in logon.asp which can lead to SQL injection in the
username/password login page
2-in the "My info" page any user can modify the information of another user including
Admin and reset the password
3-input validation vulnerability in WeeklyNotesDisplay.asp leads to SQL injection
4-input validation vulnerability in The search Page leads to SQL Injection
proof of concept
Can not be published to protect Fortibus clients
Vulnerable version
Fortibus CMS v4.0.0
Vendor status:
Vendor notified : Monday, May 30, 2005
Vendor Replied: Monday, May 30, 2005
Vendor was extremly fast to response : A ptach has been provided to clients, also the
issues will be fixed in the new version end of jun
Thanks
Tamer Mohamed Hassan
Security Engineer
( +971-4-3914077
* Tamer.hassan@ehdf.com
Picture (Metafile)
Dubai Technology and Media Free Zone
Tel: +971 4 3913828, Fax: +971 4 3913050
www.ehdf.com
The information contained in this communication is confidential and is intended only
for the use of the recipient named above, and may be legally privileged and exempt from
disclosure under applicable law. If the reader of this message is not the intended
recipient, please resend to sender and delete the original from your computer system.
You are hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited. Opinions, conclusions and other information in
this message that do not relate to our official business should be understood as
neither given nor endorsed.
|
|
