SecurityTracker.com
SecurityTracker Archives

Category:  Application (Forum/Board/Portal) > Fortibus CMS
Vendors:  Fortibus
Fortibus CMS Input Validation Flaws Let Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1014242
SecurityTracker URL:  http://securitytracker.com/id/1014242
CVE Reference:  CVE-2005-2037, CVE-2005-2038
Updated:  Jul 17 2008
Original Entry Date:  Jun 20 2005
Impact:  Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s):  4.0.0
Description:   Tamer Mohamed Hassan from eHosting DataFort reported several vulnerabilities in Fortibus CMS. A remote user can inject SQL commands. A remote user can also modify a target user's account information.

The 'logon.asp' script does not properly validate user-supplied input. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.

The 'WeeklyNotesDisplay.asp' script and the search page script are also affected.

A remote authenticated user can exploit a flaw in the 'My info' page to modify a target user's account information, including the administrative user. This can be exploited to reset the target user's password.
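The two defects described above, the login query built from unvalidated input and the 'My info' update with no ownership check, are illustrated here in Python against an in-memory SQLite table. This is an added example with constructed data, not Fortibus code (the product is classic ASP), and the table, account names and function names are assumptions; passwords are stored in clear text only to keep the illustration short.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the CMS user table (not Fortibus data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("admin", "s3cret-admin", 1), ("alice", "alice-pw", 0)])
    db.commit()
    return db


def login_concatenated(db, username, password):
    """The vulnerable pattern: user input is pasted into the SQL text, so a crafted
    username can rewrite the WHERE clause and the password check never runs."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """The fix: bound parameters are always treated as data, never as SQL syntax."""
    row = db.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None


def update_my_info(db, session_user, target_user, new_password):
    """'My info' update with the ownership check the advisory says was missing:
    the logged-in user may only change their own record. Returns True on success,
    False when the caller tried to modify someone else's account."""
    if session_user != target_user:
        return False
    db.execute("UPDATE users SET password = ? WHERE username = ?",
               (new_password, target_user))
    db.commit()
    return True


def current_password(db, username):
    """Helper for checking what the table now holds."""
    return db.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()[0]
```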

The vendor was notified on May 30, 2005.

Impact:   A remote user can execute SQL commands on the underlying database.

A remote authenticated user can modify a target user's information, including resetting the password.

Solution:   The vendor has provided a patch to customers and will include the fix in the next release.
Vendor URL:  www.fortibus-inc.com/
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


Source Message Contents

Subject:  Fortibus CMS v4.0.0 Have Multiple Vulnerabilities

vendor description:

Fortibus CMS is a full-featured, powerful, yet easy to use Content Management System. The purpose of using Fortibus CMS is to simplify the process of creating a feature-rich, interactive web site. Best of all, Fortibus CMS doesn't take a team of technical staff to install and support.

vulnerability overview:

1- input validation vulnerability in logon.asp which can lead to SQL injection in the username/password login page

2- in the "My info" page any user can modify the information of another user including Admin and reset the password

3- input validation vulnerability in WeeklyNotesDisplay.asp leads to SQL injection

4- input validation vulnerability in the search page leads to SQL injection

proof of concept

Can not be published to protect Fortibus clients

Vulnerable version

Fortibus CMS v4.0.0

Vendor status:

Vendor notified : Monday, May 30, 2005

Vendor Replied: Monday, May 30, 2005

Vendor was extremely fast to respond: a patch has been provided to clients, also the issues will be fixed in the new version at the end of June

Thanks

Tamer Mohamed Hassan

Security Engineer

Tel: +971-4-3914077

Tamer.hassan@ehdf.com

Dubai Technology and Media Free Zone

Tel: +971 4 3913828, Fax: +971 4 3913050

www.ehdf.com

Copyright 2021, SecurityGlobal.net LLC