|
TITLE:
toendaCMS Disclosure of Sensitive Information
SECUNIA ADVISORY ID:
SA17471
VERIFY ADVISORY:
http://secunia.com/advisories/17471/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
toendaCMS 0.x
http://secunia.com/product/6059/
DESCRIPTION:
Bernhard Mueller has reported a security issue and a vulnerability in
toendaCMS, which can be exploited by malicious people to disclose
sensitive information.
1) The problem is that user credentials and session information are
stored inside the web root. This can be exploited to disclose
usernames, encrypted passwords, and session information for other
users.
Successful exploitation requires that a XML database is used.
2) Input passed to the "id_user" parameter in "admin.php" isn't
properly verified, before it is used to display files. This can be
exploited to disclose the content of arbitrary files via directory
traversal attacks.
Successful exploitation requires that a XML database is used.
It has also been reported that administrators can upload arbitrary
PHP scripts via the image upload functionality.
The security issue and the vulnerability have been reported in
versions prior to 0.6.2.
SOLUTION:
Update to version 0.6.2 or later.
http://www.toenda.com/en/?id=download&s=nano&action=showone&category=
Software
PROVIDED AND/OR DISCOVERED BY:
Bernhard Mueller, SEC Consult
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
|
