• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MTCMS Multiple Input Validation Vulnerabilities

MTCMS is prone to multiple input-validation issues, including two arbitrary-file-upload vulnerabilities and two HTML-injection vulnerabilities.

Attackers can exploit these issues to execute arbitrary HTML or script code in the context of the webserver process.

Exploiting these issues may allow attackers to compromise the application and the underlying system or to steal cookie-based authentication credentials; other attacks are also possible.