SyndeoCMS Local File Include, Cross Site Scripting, and HTML Injection Vulnerabilities

Summary
SyndeoCMS is prone to a local file-include vulnerability, a cross-site scripting vulnerability, and an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Exploiting the local file-include issue allows remote attackers to view or execute local files within the context of the webserver process. An attacker may leverage the cross-site scripting and HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. SyndeoCMS versions 2.8.02 and prior are vulnerable.