|
Description
|
|
A security issue and multiple vulnerabilities have been discovered in razorCMS, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to disclose sensitive information and conduct cross-site request forgery attacks.
1) Input passed via the "content" parameter to admin/index.php when creating or editing a page is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
This vulnerability is confirmed in version 1.0 STABLE and 1.2.1 STABLE. Other versions may also be affected.
2) The application stores a database backup inside the "datastore/backup" directory within the web root and can be exploited to disclose sensitive information by downloading the file.
This security issue is confirmed in version 1.2.1 STABLE. Other versions may also be affected.
3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. unpublish site content by tricking a logged in administrator into visiting a malicious web site.
4) The admin/core/admin_func.php script does not verify uploaded files and can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
These vulnerabilities are confirmed in version 1.2.1 STABLE. Other versions may also be affected.
|
