Summary
This host is running Etiko CMS and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data, and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to www.etikweb.com
Insight
Input passed via the 'page_id' GET parameter to the /loja/index.php script and the 'article_id' parameter to the /index.php script is not validated before being returned to users.
Affected
Etiko CMS version 2.14 and earlier.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
Severity
Classification
CVE: CVE-2014-8505, CVE-2014-8506
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P