HomePentest-Tools.com Logo

appRain CMF <= 0.1.5 Multiple Vulnerabilities - Active Check CVE-2011-5228CVE-2011-5229

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

appRain CMF is prone to SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities.

Risk description

Multiple flaws are due to an input passed via - PATH_INFO to quickstart/profile/index.php in the Forum module is not properly sanitized before being used in a SQL query. - ss parameter in search action is not properly verified before it is returned to the user. Successful exploitation will allow the attackers to execute arbitrary web script or HTML in a users browser session in the context of an affected site and manipulate SQL queries by injecting arbitrary SQL code.

Recommendation

No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 25, 2012
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available