Fortibus CMS Input Validation Flaws Let Remote Users Inject SQL Commands
SecurityTracker Alert ID: 1014242
SecurityTracker URL: http://securitytracker.com/id/1014242
Updated: Jul 17 2008
Original Entry Date: Jun 20 2005
Impact: Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available: Yes   Vendor Confirmed: Yes
Description: Tamer Mohamed Hassan from eHosting DataFort reported several vulnerabilities in Fortibus CMS. A remote user can inject SQL commands. A remote user can also modify a target user's account information.
The 'logon.asp' script does not properly validate user-supplied input. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.
The 'WeeklyNotesDisplay.asp' script and the search page script are also affected.
A remote authenticated user can exploit a flaw in the 'My info' page to modify a target user's account information, including the administrative user. This can be exploited to reset the target user's password.
The vendor was notified on May 30, 2005.
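As an added illustration, not code from this advisory, from Fortibus or from the reporter, the two classes of flaw described above are modelled side by side with their corrected forms: a login query assembled by string concatenation (the logon.asp class of input validation error) and a profile update that trusts an account id supplied by the client (the 'My info' class of access control error). Fortibus CMS is classic ASP; this is a Python/sqlite3 model of the logic, and the table layout, function names and sample accounts are assumptions constructed for the example.

```python
import sqlite3

# Constructed sample data (assumption): an in-memory users table standing in for
# the CMS database. Passwords are kept in clear text only to keep the example short.
SAMPLE_USERS = [
    (1, "admin", "s3cret-admin", "admin@example.test", 1),
    (2, "alice", "alice-pw", "alice@example.test", 0),
    (3, "bob", "bob-pw", "bob@example.test", 0),
]


def build_db():
    """Create a fresh in-memory database populated with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, email TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def get_user(conn, user_id):
    """Return (username, email, password) for a user id, or None."""
    return conn.execute(
        "SELECT username, email, password FROM users WHERE id = ?", (user_id,)
    ).fetchone()


# --- Login page: the logon.asp class of flaw (input validation) ---

def login_vulnerable(conn, username, password):
    """Query text built by concatenation: the submitted values become SQL syntax,
    so quotes and operators inside them rewrite the WHERE clause.
    Returns the matched (id, username) row, or None."""
    sql = ("SELECT id, username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Parameterised query: values are bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


# --- 'My info' page: the access control class of flaw ---

def update_profile_vulnerable(conn, session_user_id, target_user_id, email, password):
    """The account to change comes from the request (target_user_id) and is never
    compared with the logged-in user, so any authenticated user can rewrite any
    account, including the administrator's password. Returns rows changed."""
    cur = conn.execute(
        "UPDATE users SET email = ?, password = ? WHERE id = ?",
        (email, password, target_user_id),
    )
    return cur.rowcount


def update_profile_fixed(conn, session_user_id, target_user_id, email, password):
    """Authorisation check before the write: the target must be the session's own
    account unless the session user is an administrator, and the admin flag is read
    from the database, never from anything the client sent. Returns rows changed."""
    row = conn.execute(
        "SELECT is_admin FROM users WHERE id = ?", (session_user_id,)
    ).fetchone()
    if row is None:
        raise PermissionError("no such session user")
    if target_user_id != session_user_id and not row[0]:
        raise PermissionError("cannot modify another user's account")
    cur = conn.execute(
        "UPDATE users SET email = ?, password = ? WHERE id = ?",
        (email, password, target_user_id),
    )
    return cur.rowcount


def is_denied(conn, session_user_id, target_user_id):
    """True when the fixed handler refuses the update; the row is left untouched."""
    try:
        update_profile_fixed(conn, session_user_id, target_user_id, "x@example.test", "x")
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    conn = build_db()
    # Constructed tautology input: the same value is sent as username and password.
    bad = "' OR '1'='1"
    print("vulnerable login:", login_vulnerable(conn, bad, bad))   # matches admin
    print("fixed login:     ", login_fixed(conn, bad, bad))        # None
    # bob (id 3) rewrites the administrator's (id 1) password.
    update_profile_vulnerable(conn, 3, 1, "admin@example.test", "reset-by-bob")
    print("admin row after unchecked update:", get_user(conn, 1))
    print("fixed handler refuses bob -> admin:", is_denied(conn, 3, 1))
```

The two fixes are independent: parameter binding addresses the injection even if the authorisation check is absent, and the authorisation check closes the account takeover even when every query is parameterised. Both have to be present for the 'My info' page, since that page runs an UPDATE with client-chosen values.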
Impact: A remote user can execute SQL commands on the underlying database.
A remote authenticated user can modify a target user's information, including resetting the password.
Solution: The vendor has provided a patch to customers and will include the fix in the next release.
Vendor URL: www.fortibus-inc.com/
Cause: Access control error, Input validation error
Underlying OS: Windows (Any)
Source Message Contents
Subject: Fortibus CMS v4.0.0 Has Multiple Vulnerabilities
Fortibus CMS is a full-featured, powerful, yet easy to use Content Management System.
The purpose of using Fortibus CMS is to simplify the process of creating a
feature-rich, interactive web site. Best of all, Fortibus CMS doesn't take a team of
technical staff to install and support.
1- Input validation vulnerability in logon.asp which can lead to SQL injection in the username/password login page
2- In the "My info" page any user can modify the information of another user, including Admin, and reset the password
3- Input validation vulnerability in WeeklyNotesDisplay.asp leads to SQL injection
4- Input validation vulnerability in the search page leads to SQL injection
Proof of concept:
Cannot be published to protect Fortibus clients
Fortibus CMS v4.0.0
Vendor notified: Monday, May 30, 2005
Vendor replied: Monday, May 30, 2005
Vendor was extremely fast to respond: a patch has been provided to clients; also, the issues will be fixed in the new version at the end of June
Tamer Mohamed Hassan
Dubai Technology and Media Free Zone
Tel: +971 4 3913828, Fax: +971 4 3913050