SetucoCMS Multiple Security Vulnerabilities

SetucoCMS is prone to the following security vulnerabilities.

1. A cross-site request-forgery vulnerability.
2. A cross-site scripting vulnerability.
3. An SQL-injection vulnerability.
4. An unspecified denial-of-service vulnerability.
5. A code-injection vulnerability.
6. A weak session-management vulnerability.

Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary scripts in the context of the web server process, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code in the context of the affected application, bypass certain security restrictions, and perform unauthorized actions. Failed attacks may cause a denial-of-service condition. This may aid in launching further attacks.


 

Copyright 2010, SecurityFocus