FerretCMS Multiple Security Vulnerabilities

FerretCMS is prone to the following security vulnerabilities:

1. Multiple SQL-Injection vulnerabilities
2. A cross-site scripting vulnerability
3. Multiple HTML-Injection vulnerabilities
4. An arbitrary file upload vulnerability

Exploiting these vulnerabilities could allow an attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and to upload arbitrary files.

FerretCMS 1.0.4-alpha is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus