Description
Sysdream IT Security Services has discovered a weakness and two vulnerabilities in POSH, which can be exploited by malicious people to conduct spoofing, cross-site scripting, and SQL injection attacks.
1) Input passed via the "rssurl" parameter to portal/addtoapplication.php (when "pid" is set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "redirect" POST parameter to portal/scr_sndmd5.php (when "username" is set and "update" is set to "Send") is not properly sanitised before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
3) Input passed via the "error" parameter to includes/plugins/mobile/scripts/login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The weakness and the vulnerabilities are confirmed in version 3.2.1. Other versions may also be affected.
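The three input-handling fixes these findings call for, as an added example that is not POSH source code or a vendor patch: a bound query parameter for "rssurl", a local-path check for "redirect", and output encoding for "error". The function names, the "feeds" table, the fallback path and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not POSH source. Function names, the "feeds" table,
// the fallback path and the sample inputs are assumptions.

// 1) rssurl: bind the value instead of concatenating it into the SQL string.
function find_feed_id(PDO $db, string $rssurl): ?int
{
    $stmt = $db->prepare('SELECT id FROM feeds WHERE url = :url'); // hypothetical table
    $stmt->execute([':url' => $rssurl]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// 2) redirect: accept only a local path; anything else falls back to a fixed page.
function safe_redirect_target(string $redirect, string $fallback = '/portal/'): string
{
    // Refuse control characters (header splitting) and backslashes (read as '/' by some browsers).
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $redirect)) {
        return $fallback;
    }
    // Require exactly one leading '/', which refuses "//host", "https://host" and "javascript:".
    if (!preg_match('#^/(?!/)#', $redirect)) {
        return $fallback;
    }
    return $redirect;
}

// 3) error: encode for the HTML context at the point of output.
function render_error(string $error): string
{
    return '<p class="error">' . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample data and inputs (in-memory SQLite stands in for the real database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feeds (id INTEGER PRIMARY KEY, url TEXT)');
$db->exec("INSERT INTO feeds (url) VALUES ('http://example.org/rss')");
var_dump(find_feed_id($db, 'http://example.org/rss'));   // stored URL: a row is found
var_dump(find_feed_id($db, "x' OR '1'='1"));             // quote is data, not SQL: no row
echo safe_redirect_target('//other.example/'), "\n";     // off-site target: fallback is used
echo safe_redirect_target('/portal/index.php'), "\n";    // local path: kept
echo render_error('<script>alert(1)</script>'), "\n";    // markup is emitted as text
```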