Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23973
HistoryJun 02, 2010 - 12:00 a.m.

[Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple - Bkis

2010-06-0200:00:00
vulners.com
31
JSON

[Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple

  1. General information

CMS Made Simple is a free content management system (CMS) written in PHP,
available at www.cmsmadesimple.org. In March, 2010, Bkis Security discovered
some XSS and CSRF vulnerabilities in CMS Made Simple 1.7.1. Taking advantage
of these vulnerabilities, hacker is able to insert pieces of code into the
path's link to execute in user's browser, causing the loss of cookies and
session. Hacker is also able to trick users into manipulating some of the
system's functions without users' knowledge. Bkis has informed the CMS Made
Simple's development team of these vulnerabilities.

Details:
http://security.bkis.com/multiple-vulnerabilities-in-cms-made-simple/
SVRT Advisory: Bkis-02-2010
Initial vendor notification: 05/12/2010
Release Date: 06/21/2010
Update Date: 06/21/2010
Discovered by: Truong Thao Nguyen, Do Hoang Bach, Cao Xuan Sang
Attack Type: XSS, CSRF
Security Rating: High
Impact: Code Execution
Affected Software: CMS Made Simple (version <= 1.7.1)

  1. Technical details

The XSS vulnerability is found in the following modules:

  • Add Pages
  • Add Global Content
  • Edit Global Content
  • Add Article
  • Add Category
  • Add Field Definition
  • Add Shortcut

Since the input variants of this function are not carefully checked and
filtered, hacker is able to insert pieces of code into the path's link. When
users sign in and click this link, the malicious code (JavaScript) will be
executed, leading to the loss of cookies, session, etc.

The CSRF vulnerability is found in the following module:

  • Changes group permission

Since a task is performed without seeking users' prior permission first,
users can be tricked into performing a task without awareness. Thus, hacker
is able to perform malicious actions via legitimate users.

In addition, the vulnerabilities are all found in content management section
of CMSMadeSimple. Thus, the victims of such vulnerabilities are the system's
administrators, editors and designers.

  1. Solution

CMSMadeSimple's development team has not issued the patches for these
vulnerabilities yet. Thus, Bkis strongly recommends individuals and
organizations that use this software to take caution when receiving links,
and at the same time keep track of the information about the latest software
version to update.

Bui Quang Minh
Manager - Vuln Team - Bkis Security - Bkis

Office : Hitech building - 1A Dai Co Viet, Hanoi
Email : [email protected]
Website : www.bkav.com.vn; www.bkav.com
Blog : security.bkis.com

JSON