Summary
The host has ArticleFR CMS installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database and execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of 28th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://freereprintables.com
Insight
Input passed via the 'username' parameter to register and the 'q' parameter to search/v/ is not properly sanitised before being returned to the user.
Affected
ArticleFR CMS version 3.0.5. Prior versions may also be affected.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie.
Classification
CVE: CVE-2015-1363, CVE-2015-1364
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)