Thursday, September 9, 2010

chillyCMS: Multiple Vulnerabilities

Users of chillyCMS, please be advised that multiple vulnerabilities have been identified.

To view these vulnerabilities, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
chillyCMS-SA-09/05/2010: chillyCMS Multiple Vulnerabilities
- Vulnerability:

####################

+--> SQL Injection

The username, in the login form, is one-parenthesis single-quoted injectable. For details check the PoC section.

+--> Reflective XSS

Whenever login failed, the username will be printed without sanitizing on the main page. This could be used for executing any JavaScript code.
Read more at www.criticalwatch.com
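
The two weaknesses summarized in the advisory above, shown beside their fixes as an added Python example (not Critical Watch's PoC and not chillyCMS code). The table, the account, the salt and all function names are constructed, and sqlite3 stands in for the CMS database.

```python
import hashlib
import hmac
import html
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; real code uses a random per-user salt

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    """Constructed single-table schema, not chillyCMS's real one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", pw_hash("s3cret")))
    return db

def login_unsafe(db, username, password):
    # Weak pattern matching the advisory's description: the username is
    # pasted inside ('...'), so its quotes and parentheses become SQL syntax.
    sql = "SELECT pw FROM users WHERE (name='" + username + "')"
    row = db.execute(sql).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

def login_safe(db, username, password):
    # Bound parameter: the driver passes the username as data only.
    row = db.execute("SELECT pw FROM users WHERE (name=?)", (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

def failure_page_unsafe(username):
    # Weak pattern: the failed-login name is echoed into HTML as-is.
    return "<p>Login failed for " + username + "</p>"

def failure_page_safe(username):
    # Encode for the HTML text context before echoing.
    return "<p>Login failed for " + html.escape(username, quote=True) + "</p>"

def is_injectable(login, db):
    """Regression check: a name containing ' and ) must not alter the query."""
    try:
        login(db, "o'brien)", "x")
    except sqlite3.OperationalError:
        return True   # the metacharacters reached the SQL parser
    return False
```

`is_injectable` can be kept as a regression test for the login handler: a SQL error triggered by a quote in the username is the signal that input is being concatenated into the statement.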
 
