Description
Multiple vulnerabilities have been discovered in FestOS, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
1) Input passed to the "theme" parameter in index.php, artists.php, contacts.php, applications.php, entertainers.php, exhibitors.php, foodvendors.php, performanceschedule.php, sponsors.php, and winners.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
2) Input passed to the "category" parameter in foodvendors.php (when "view" is set to "details" and "vendorID" is set to any number) is not properly sanitised in festos_foodvendors.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
3) Input passed via the "username" parameter to admin/do_login.php and via the "email" and "password" parameters to festos_z_dologin.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerabilities are confirmed in version 2.3b. Other versions may also be affected.
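For reviewing web server access logs for attempts against issue 1, the following is an added example and not part of the original advisory or of FestOS. It assumes common/combined log format and that a legitimate "theme" value is a plain directory name; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts the advisory lists as passing "theme" to a file include.
AFFECTED = {"index.php", "artists.php", "contacts.php", "applications.php",
            "entertainers.php", "exhibitors.php", "foodvendors.php",
            "performanceschedule.php", "sponsors.php", "winners.php"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SAFE_THEME = re.compile(r"[A-Za-z0-9_-]*")  # assumption: plain directory name

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e) until the value is stable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_theme(log_line):
    """Return a reason string if the request matches issue 1, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # A request for a directory is served by index.php.
    script = url.path.rsplit("/", 1)[-1].lower() or "index.php"
    if script not in AFFECTED:
        return None
    for key, raw in parse_qsl(url.query):  # parse_qsl decodes one layer
        if key != "theme":
            continue
        theme = fully_decode(raw)
        if "\x00" in theme:
            return "NULL byte in theme"
        if ".." in theme or "/" in theme or "\\" in theme:
            return "path traversal in theme"
        if not SAFE_THEME.fullmatch(theme):
            return "unexpected characters in theme"
    return None

# Constructed sample log lines (documentation address range, placeholder paths).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /festos/index.php?theme=default HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /festos/artists.php?theme=..%2F..%2Ftmp%2Fx%00 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /festos/winners.php?theme=%252e%252e%252fconfig HTTP/1.1" 200 312',
]
if __name__ == "__main__":
    for line in SAMPLE:
        print(suspicious_theme(line), "<-", line)
```

Only values carried in the query string are visible to this check; a "theme" value sent in a POST body does not appear in a standard access log.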