• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Academic Web Tools CMS 1.4.2.8 Multiple Input Validation Vulnerabilities

Academic Web Tools CMS is prone to multiple input-validation vulnerabilities:

- A directory-traversal vulnerability
- Multiple cross-site scripting vulnerabilities
- An HTML-injection vulnerability
- An SQL-injection vulnerability
- Multiple session-fixation vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, gain unauthorized access to the affected application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.

Academic Web Tools CMS 1.4.2.8 is vulnerable; other versions may also be affected.