ID

VAR-201204-0230


TITLE

EmbryoCore CMS HTML Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-1976

DESCRIPTION

An attacker can exploit this issue to execute arbitrary code on the affected machine. EmbryoCore CMS is a content management system. There is a SQL injection vulnerability in EmbryoCore CMS. Because EmbryoCore CMS fails to properly filter user-submitted input, remote attackers can submit malicious SQL queries to obtain sensitive database information or control the application. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. EmbryoCore CMS 1.03 is vulnerable; other versions may also be affected.

Trust: 1.71

sources: CNVD: CNVD-2012-1976 // CNVD: CNVD-2012-1961 // BID: 53016 // IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d // IVD: 53971628-1f6b-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 1.6

sources: IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d // IVD: 53971628-1f6b-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1976 // CNVD: CNVD-2012-1961

AFFECTED PRODUCTS

vendor: embryocore, model: cms embryocore cms, scope: eq, version: 1.03

Trust: 1.5

vendor: embryocore, model: cms, scope: eq, version: *

Trust: 0.4

vendor: embryocore, model: cms, scope: eq, version: 1.03

Trust: 0.4

sources: IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d // IVD: 53971628-1f6b-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1976 // CNVD: CNVD-2012-1961 // BID: 53016

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 53971628-1f6b-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: 53971628-1f6b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d // IVD: 53971628-1f6b-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-302

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201204-302

EXTERNAL IDS

db: BID, id: 53016

Trust: 2.1

db: CNVD, id: CNVD-2012-1976

Trust: 0.8

db: CNVD, id: CNVD-2012-1961

Trust: 0.8

db: CNNVD, id: CNNVD-201204-302

Trust: 0.6

db: IVD, id: C3CCCFF0-1F6B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 53971628-1F6B-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: c3cccff0-1f6b-11e6-abef-000c29c66e3d // IVD: 53971628-1f6b-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1976 // CNVD: CNVD-2012-1961 // BID: 53016 // CNNVD: CNNVD-201204-302

REFERENCES

url: http://www.securityfocus.com/bid/53016

Trust: 1.2

url: http://www.vulnerability-lab.com/get_content.php?id=503

Trust: 0.9

url: http://embryocore.sourceforge.net/

Trust: 0.3

sources: CNVD: CNVD-2012-1976 // CNVD: CNVD-2012-1961 // BID: 53016 // CNNVD: CNNVD-201204-302

CREDITS

Kevin J of the Vulnerability Research Laboratory

Trust: 0.9

sources: BID: 53016 // CNNVD: CNNVD-201204-302

SOURCES

db: IVD, id: c3cccff0-1f6b-11e6-abef-000c29c66e3d
db: IVD, id: 53971628-1f6b-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-1976
db: CNVD, id: CNVD-2012-1961
db: BID, id: 53016
db: CNNVD, id: CNNVD-201204-302

LAST UPDATE DATE

2022-05-17T01:53:21.294000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-1976, date: 2012-04-18T00:00:00
db: CNVD, id: CNVD-2012-1961, date: 2012-04-20T00:00:00
db: BID, id: 53016, date: 2012-04-16T00:00:00
db: CNNVD, id: CNNVD-201204-302, date: 2012-04-18T00:00:00

SOURCES RELEASE DATE

db: IVD, id: c3cccff0-1f6b-11e6-abef-000c29c66e3d, date: 2012-04-18T00:00:00
db: IVD, id: 53971628-1f6b-11e6-abef-000c29c66e3d, date: 2012-04-20T00:00:00
db: CNVD, id: CNVD-2012-1976, date: 2012-04-18T00:00:00
db: CNVD, id: CNVD-2012-1961, date: 2012-04-20T00:00:00
db: BID, id: 53016, date: 2012-04-16T00:00:00
db: CNNVD, id: CNNVD-201204-302, date: 2012-04-18T00:00:00