|
Description
|
|
Some vulnerabilities have been discovered in OneCMS, which can be exploited by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.
1) Input passed via the "rank" parameter to boards.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "username" POST parameter to admin.php (when "load" is set to "login" and "login" is set to "yes") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) Some vulnerabilities are caused due to a bundled version of TimThumb.
For more information:
SA45416
The vulnerabilities are confirmed in version 2.6.4. Other versions may also be affected.
|
