Professional Site Immobiliare Multi Vulnerabilities

I found this vulnerability 2 months ago. I was in contact with the owner of this CMS, but the hole seems not to be fixed yet.

======= { Advisory 25/8/2010 } ========

Professional Site Immobiliare Multiple vulnerabilities

Vendor’s Description of Software:
Application Info:
# Name: Professional Site Immobiliare
Vulnerability Info:
# Type: SQL injection
# Type: Remote File Upload
Risk:
# High
Time Table:
# 02/06/2010 – Discovery
# 03/06/2010 – Vendor notified.
Fix:
# N/A
Vulnerabilities:
Solution:
# The “id_annuncio” parameter should be validated and filtered.
# Image validation should be done on the server side and should not be accessible.

Credits:

# Discovered By: Locu

# Website: https://xlocux.wordpress.com

# Contacts: xlocux[-at-]gmail.com

============== { EOF } ==============
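
The two fixes listed under Solution, sketched as an added example; this is not code from the advisory or from the vendor. Only the "id_annuncio" parameter name comes from the advisory: the `annunci` table, its columns, the function names and the size limit are assumptions.

```python
import os
import sqlite3
import uuid

# Constructed names: the advisory gives only the "id_annuncio" parameter;
# the annunci table, its columns and the size limit are assumptions.
IMAGE_MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png",
               b"GIF87a": ".gif", b"GIF89a": ".gif"}
MAX_IMAGE_BYTES = 2 * 1024 * 1024


def parse_id_annuncio(raw):
    """Accept only a short, purely decimal id; reject everything else."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("invalid id_annuncio")
    return int(raw)


def fetch_annuncio(conn, raw_id):
    """Look up a listing through a bound parameter, not string concatenation."""
    listing_id = parse_id_annuncio(raw_id)
    cur = conn.execute("SELECT id, titolo FROM annunci WHERE id = ?", (listing_id,))
    return cur.fetchone()


def store_image(data, upload_dir):
    """Validate the bytes on the server and save under a server-chosen name."""
    if len(data) > MAX_IMAGE_BYTES:
        raise ValueError("image too large")
    for magic, ext in IMAGE_MAGIC.items():
        if data.startswith(magic):
            # Client-supplied filename and extension are never used.
            path = os.path.join(upload_dir, uuid.uuid4().hex + ext)
            with open(path, "xb") as fh:
                fh.write(data)
            return path
    raise ValueError("not an accepted image type")


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE annunci (id INTEGER PRIMARY KEY, titolo TEXT)")
    conn.execute("INSERT INTO annunci VALUES (1, 'Constructed sample listing')")
    print(fetch_annuncio(conn, "1"))
    try:
        fetch_annuncio(conn, "1x")
    except ValueError as exc:
        print("rejected:", exc)
```

The signature check is a minimum; fully decoding the image is stricter. `upload_dir` is assumed to be a directory the web server does not serve or execute from directly.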
