• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ContentNow Multiple Input Validation Vulnerabilities

ContentNow is prone to multiple input-validation vulnerabilities. These issues include multiple local file-include vulnerabilities, an unauthorized-directory-access vulnerability, multiple directory-traversal vulnerabilities, and a cross-site scripting vulnerability.

An attacker can exploit these issues to upload and execute malicious PHP code execute in the context of the webserver process, to view sensitive information, and to steal cookie-based authentication credentials. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect version 1.30; other versions may also be vulnerable.