Users of chillyCMS, please be advised that multiple vulnerabilities have been identified.
To view these vulnerabilities, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
chillyCMS-SA-09/05/2010: chillyCMS Multiple Vulnerabilities
- Vulnerability:
####################
+--> SQL Injection
The username, in the login form, is one-parenthesis single-quoted
injectable. For details check the PoC section.
+--> Reflective XSS
Whenever login failed, the username will be printed without sanitizing
on the main page. This could be used for executing any JavaScript code.
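Both issues in the advisory come from the same login username reaching two sinks unescaped: the SQL query and the failed-login message. The sketch below is an added example, not chillyCMS code or part of the advisory, and shows the two fixes side by side. The table layout, function names and the assumed query shape `WHERE (username='...')` are hypothetical.

```python
import hashlib
import hmac
import html
import os
import sqlite3


def _kdf(password, salt):
    # Salted, iterated hash so the demo does not store plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db():
    # Constructed sample data; hypothetical schema, not the CMS's real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _kdf("correct horse", salt)))
    return db


def check_login(db, username, password):
    # Assumption: the injectable context is a single-quoted value inside one
    # parenthesis. Binding the value with a placeholder keeps it out of the
    # SQL text, so quotes and parentheses in the input are plain data.
    row = db.execute(
        "SELECT salt, pw FROM users WHERE (username = ?)", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, _kdf(password, salt))


def login_page(db, username, password):
    if check_login(db, username, password):
        return "<p>Welcome back.</p>"
    # The failed-login page echoes the submitted username: HTML-encode it
    # at the point of output so markup in the input is rendered as text.
    safe = html.escape(username, quote=True)
    return f'<p class="error">Login failed for {safe}</p>'


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing SQL and HTML metacharacters.
    print(login_page(db, "alice') <script>alert(1)</script>", "x"))
```
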
