Summary
The host is running TemaTres and is prone to multiple cross-site scripting (XSS) and SQL injection vulnerabilities.
Impact
Successful exploitation lets an attacker steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit further vulnerabilities in the underlying database. The SQL injection is exploitable when PHP's 'magic_quotes_gpc' setting is disabled; since that setting was deprecated in PHP 5.3 and removed in PHP 5.4, it cannot be relied on as a mitigation.
Impact Level: Application
Solution
Upgrade to TemaTres version 1.033 or later.
For updates refer to http://www.r020.com.ar/tematres/index.en.html#indice
Insight
Multiple flaws are due to:
- Inadequate checking of user-supplied input, which leads to input validation errors in the search form.
- Missing validation of user input passed to the following parameters of index.php: a) _expresion_de_busqueda, b) letra, c) estado_id, d) tema and e) PATH_TO.
- Missing validation of user input passed to the following parameters of sobre.php: a) y, b) ord and c) m.
- Missing validation of user input passed to the following parameters of index.php: a) mail and b) password.
- Missing validation of user input passed to the following parameters of xml.php: a) dcTema, b) madsTema, c) zthesTema, d) skosTema and e) xtmTema.
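The following is an added illustration and is not code from TemaTres or from this advisory. It shows, in Python against an in-memory SQLite table (a constructed stand-in; the table name, columns and rows are assumptions, not TemaTres' schema), the pattern behind the findings above: a search term such as _expresion_de_busqueda pasted into a quoted SQL literal, a numeric filter such as estado_id pasted into an unquoted one, and the raw term reflected into the page. It also emulates what magic_quotes_gpc did to request data to make the caveat concrete: quote-escaping only helps where the query quotes the value, so a payload without quotes aimed at a numeric context passes through untouched. Whether TemaTres' own estado_id query used a numeric or a quoted context is not stated on this page; the emulation is applied to the numeric case because SQLite string literals do not use backslash escaping, so the quoted case cannot be reproduced faithfully with SQLite.

```python
"""
Added illustration, not TemaTres' own code: how unvalidated request parameters
turn into SQL injection and reflected XSS, why magic_quotes_gpc is only a
partial mask for the SQL problem, and what the proper fix looks like.
The table, columns and rows are constructed for this example.
"""
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a thesaurus term table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tema (tema_id INTEGER, tema TEXT, estado_id INTEGER)")
    conn.executemany(
        "INSERT INTO tema VALUES (?, ?, ?)",
        [(1, "biblioteca", 1), (2, "archivo", 1), (3, "borrador secreto", 0)],
    )
    return conn


def magic_quotes_gpc(value: str) -> str:
    """Emulates what PHP's magic_quotes_gpc did to incoming GET/POST/COOKIE data:
    backslash-escape single quotes, double quotes, backslashes and NUL bytes."""
    return (value.replace("\\", "\\\\")
                 .replace("'", "\\'")
                 .replace('"', '\\"')
                 .replace("\x00", "\\0"))


def search_vulnerable(conn, expresion: str, estado_id: str):
    """The bug pattern: request values pasted straight into the SQL text.
    estado_id is numeric, so the query places no quotes around it at all."""
    sql = ("SELECT tema FROM tema WHERE estado_id = " + estado_id
           + " AND tema LIKE '%" + expresion + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, expresion: str, estado_id: str):
    """The fix: validate the numeric parameter, then bind both values as
    parameters so that user input can never change the query's structure."""
    if not estado_id.isdigit():
        raise ValueError("estado_id must be an integer")
    sql = "SELECT tema FROM tema WHERE estado_id = ? AND tema LIKE ?"
    return [row[0] for row in conn.execute(sql, (int(estado_id), "%" + expresion + "%"))]


def render_results_vulnerable(expresion: str, results) -> str:
    """Reflecting the raw search term into the page is the XSS half of the finding."""
    items = "".join("<li>" + r + "</li>" for r in results)
    return "<p>Resultados para: " + expresion + "</p><ul>" + items + "</ul>"


def render_results_fixed(expresion: str, results) -> str:
    """HTML-escaping every reflected value neutralises the injected markup."""
    items = "".join("<li>" + html.escape(r, quote=True) + "</li>" for r in results)
    return "<p>Resultados para: " + html.escape(expresion, quote=True) + "</p><ul>" + items + "</ul>"


def demo():
    conn = build_db()
    # 1. Quoted context: a single quote closes the LIKE literal and "--"
    #    comments out the rest, so the non-public (estado_id = 0) row leaks.
    leak_quoted = search_vulnerable(conn, "' OR 1=1 --", "1")
    # 2. Numeric context: the payload needs no quotes, so magic_quotes_gpc-style
    #    escaping leaves it untouched and the injection still succeeds.
    numeric_payload = magic_quotes_gpc("0 OR 1=1 --")
    leak_numeric = search_vulnerable(conn, "zzz", numeric_payload)
    # 3. Parameterised query: the same search payload is treated as plain data.
    safe = search_fixed(conn, "' OR 1=1 --", "1")
    # 4. Reflected XSS: a constructed cookie-stealing payload in the search term.
    xss = "<script>alert(document.cookie)</script>"
    raw_page = render_results_vulnerable(xss, [])
    safe_page = render_results_fixed(xss, [])
    return leak_quoted, numeric_payload, leak_numeric, safe, raw_page, safe_page


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The fixed variants treat validation and output encoding as separate, context-specific steps: an integer check plus bound parameters for the query, and HTML escaping at the point where data is written into the page. Quote-escaping alone, whether by magic_quotes_gpc or by hand, addresses neither the numeric case nor the XSS.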
Affected
TemaTres version 1.031 and prior
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1583, CVE-2009-1584, CVE-2009-1585
CVSS Base Score: 6.0
CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P