Summary
eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability.
These issues occur because the application fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to steal cookie information, execute arbitrary client-side scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and launch other attacks.
These issues affect eliteCMS 1.01
other versions may also be
affected.
References
Severity
Classification
-
CVE CVE-2008-4046 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Atmail Multiple Unspecified Security Vulnerabilities.
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- Adobe ColdFusion Authentication Bypass Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities