Advisories » Sava CMS Cross-Site Scripting andRemote SQL Injection Vulnerabilities

Release Date:	23/05/2008	Severity:	Moderately Critical
SecWatch Advisory:	SWID1021273	Cause:	Input validation error
Solution Status:	Vendor Patch	Impact:	Cross Site Scripting SQL Injection
Exploit Status:	None Available	Access Vector:	From remote
Affected Software:	Sava CMS 5.x
Secunia:	SA30367
Bugtraq ID:	BID#29346

Description:

Multiple input validation vulnerabilities in Sava CMS have been reported, which can be exploited by remote users to conduct SQL injection and cross-site scripting attacks.

1) User-supplied input passed to the "LinkServID" parameter in index.cfm is not properly sanitised before being used in SQL queries. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.

2) User-supplied input passed to the "keywords" parameter in index.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary script code in the security context of an affected website, as a result the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Affected:

Sava CMS versions prior to 5.0.122.

Solution:

The vulnerabilities have been fixed in version 5.0.122.

Credits:

Russ McRee, Holistic InfoSec.org

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.