Details of VAR-E-200904-0252

ID

VAR-E-200904-0252

TITLE

Pragyan CMS Multiple SQL Injection Vulnerabilities

Trust: 0.3

sources: BID: 34707

DESCRIPTION

Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 34707

AFFECTED PRODUCTS

vendor:	pragyan	model:	cms pragyan cms	scope:	eq	version:	2.6.4	Trust: 0.3
vendor:	pragyan	model:	cms pragyan cms	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	pragyan	model:	cms pragyan cms	scope:	ne	version:	3.0	Trust: 0.3

sources: BID: 34707

EXPLOIT

Attackers can use a browser to exploit these issues.
The following example URI is available:
http://www.example.com/path/?action=view&fileget=-1' UNION ALL SELECT 'evil_code',2,3,4,5,6,7 INTO OUTFILE '/path/evil.php'%23

Trust: 0.3

sources: BID: 34707

PRICE

Free

Trust: 0.3

sources: BID: 34707

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 34707

CREDITS

Salvatore "drosophila" Fresta

Trust: 0.3

sources: BID: 34707

EXTERNAL IDS

db:

BID

id:

34707

Trust: 0.3

sources: BID: 34707

REFERENCES

url:

http://sourceforge.net/projects/pragyan/

Trust: 0.3

sources: BID: 34707

SOURCES

db:

BID

id:

34707

LAST UPDATE DATE

2022-07-27T09:50:34.540000+00:00

SOURCES UPDATE DATE

db:

BID

id:

34707

date:

2010-08-09T16:15:00

SOURCES RELEASE DATE

db:

BID

id:

34707

date:

2009-04-24T00:00:00