Professional Site Immobiliare Multiple Vulnerabilities

I found this vulnerability 2 months ago. I was in contact with the owner of this CMS, but the hole seems not to be fixed yet.

======= { Advisory 25/8/2010 } ========

Professional Site Immobiliare Multiple vulnerabilities

Vendor’s Description of Software:
Application Info:
# Name: Professional Site Immobiliare
Vulnerability Info:
# Type: SQL injection
# Type: Remote File Upload
# High
Time Table:
# 02/06/2010 – Discovery
# 03/06/2010 – Vendor notified.
# N/A
# Input to the “id_annuncio” parameter should be validated and filtered.
# Image validation should be on server side and not accessible.


# Discovered By: Locu

# Website:

# Contacts: xlocux[-at-]

============== { EOF } ==============
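
The two recommendations in the advisory (validate “id_annuncio”, validate images on the server) can be sketched as follows. This is an added example, not code from the advisory or from the product; the table `annunci`, its column `titolo`, the accepted image types and all function names are assumptions made for illustration, and Python with SQLite stands in for whatever stack the CMS actually uses.

```python
import secrets
import sqlite3

# Magic bytes of the image types this sketch accepts (assumed allow-list).
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def parse_id_annuncio(raw):
    """Accept only a plain positive decimal integer; reject everything else."""
    ok = isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 10
    if not ok or int(raw) == 0:
        raise ValueError("invalid id_annuncio")
    return int(raw)


def fetch_annuncio(conn, raw_id):
    """Look up a listing with the id bound as a parameter, never concatenated."""
    listing_id = parse_id_annuncio(raw_id)
    cur = conn.execute("SELECT id, titolo FROM annunci WHERE id = ?", (listing_id,))
    return cur.fetchone()


def safe_image_name(data, max_bytes=2 * 1024 * 1024):
    """Check the uploaded bytes on the server and return a server-chosen name.

    The client's file name and extension are ignored, so an upload can never
    pick a script extension; the caller should store the file in a directory
    the web server does not execute from.
    """
    if len(data) > max_bytes:
        raise ValueError("upload too large")
    for magic, ext in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return secrets.token_hex(16) + ext
    raise ValueError("not an accepted image type")


def demo_db():
    """Constructed in-memory sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE annunci (id INTEGER PRIMARY KEY, titolo TEXT)")
    conn.execute("INSERT INTO annunci VALUES (1, 'Appartamento')")
    return conn
```

The signature check alone does not prove a file is a harmless image; it is the combination with a server-generated name and a non-executable storage location that removes the upload risk.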

