|
Description
|
|
High-Tech Bridge SA has discovered two vulnerabilities in DAlbum, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
1) Input passed to the "url" parameter in editini.php (when "album" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability is confirmed in version 1.43 build 173. Prior versions may also be affected.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site.
This vulnerability is confirmed in version 1.44 build 174. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
DAlbum 1.x
|
|
|
|
|
|
Solution
|
|
Update to version 1.44 build 174, which fixes vulnerability #1. Do not browse untrusted sites or follow untrusted links while being logged-in to the application.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
HTB22941:
http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_dalbum.html
HTB22943:
http://www.htbridge.ch/advisory/xss_in_dalbum.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
