Fork CMS Cross Site Scripting And Local File Include Vulnerabilities Network Vulnerability

Summary

Fork CMS is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the webserver process. Fork CMS 3.2.4 is vulnerable other versions may also be affected.

Solution

Vendor update is available. Please see the references for more information.

References

http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released
http://www.fork-cms.com/features
http://www.securityfocus.com/bid/51972
https://github.com/forkcms/forkcms/commit/c8ec9c58a6b3c46cdd924532c1de99bcda6072ed
https://github.com/forkcms/forkcms/commit/df75e0797a6540c4d656969a2e7df7689603b2cf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1207, CVE-2012-1208, CVE-2012-1209

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache Solr Directory Traversal Vulnerability Jan-14
AMSI 'file' Parameter Directory Traversal Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability

Fork CMS Cross Site Scripting and Local File Include Vulnerabilities

Take action and discover your vulnerabilities