Summary
SyndeoCMS is prone to a local file-include, a cross-site scripting, and an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Exploiting the local file-include issue allows remote attackers to view or execute local files within the context of the webserver process.
An attacker may leverage the cross-site scripting and HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is displayed, or launch other attacks.
SyndeoCMS versions 2.8.02 and prior are vulnerable.
Updated on 2015-03-25
Severity
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N