Secunia.com:
CMS Mundo SQL Injection and File Upload Vulnerabilities
June 15, 2006 @ 06:18:05

Two new security issues have been posted for anyone using the CMS Mundo software - one a SQL injection in the login form and the other an input validation flaw in the image upload functionality.

The details for these two issues can be found here on the Secunia site:

Secunia Research has discovered two vulnerabilities in CMS Mundo, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.

Input passed to the "username" parameter in "controlpanel/" during login isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

An input validation error in the image upload handling in the image gallery can be exploited to upload arbitrary PHP scripts to a predictable location inside the web root.
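For readers maintaining their own PHP applications, the two classes of flaw described above (unsanitised input reaching a SQL query, and an upload handler that accepts any file into a predictable web-root path) have well-known fixes. The snippet below is an added illustration written for this post, not code from CMS Mundo or the Secunia advisory. It assumes a PDO connection, a hypothetical "users" table with "username" and "password_hash" columns, and a hypothetical upload directory outside the document root:

```php
<?php
declare(strict_types=1);

// Constructed example: hardened login lookup and image upload handling.
// Assumption: this directory is outside the web root, so uploads are never
// reachable by URL and cannot be executed by the web server.
const UPLOAD_DIR = '/var/app/private-uploads';

// The username is bound as a parameter, never concatenated into the SQL text,
// so quotes or operators inside it cannot change the query's structure.
function findUserByName(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function verifyLogin(PDO $pdo, string $username, string $password): bool
{
    $user = findUserByName($pdo, $username);
    // Verify against a throwaway hash when the user does not exist, so a
    // missing account does not return measurably faster than a wrong password.
    $hash = $user['password_hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $hash);
    return $user !== null && $ok;
}

// Validates one entry of $_FILES and stores it under a server-chosen name.
// Neither the client-supplied filename nor its declared MIME type is trusted.
function storeUploadedImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }

    // getimagesize() inspects the file's own header bytes, not its extension.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        throw new RuntimeException('not a recognised image');
    }
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    if (!isset($allowed[$info[2]])) {
        throw new RuntimeException('image type not permitted');
    }

    // Cross-check with libmagic; a disagreement means the content is suspicious.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $info['mime']) {
        throw new RuntimeException('MIME type mismatch');
    }

    // Random, server-generated name with a server-chosen extension: the
    // attacker controls neither the location nor the suffix of the stored file.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;
}
```

A handler script that streams the stored file back with a fixed image Content-Type completes the pattern: because the file lives outside the web root and is only ever read, a file that happens to contain PHP code is still never executed. Re-encoding the image with GD before saving is a stronger option where polyglot files are a concern.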

There is already a patch (version 1.0 build 008) for these issues, and all users of CMS Mundo are encouraged to update immediately so as not to fall victim to them.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework