| EDB-ID: 31975 | Author: CWH Underground | Published: 2008-06-26 | |
| CVE: CVE-2008-5164 | Type: Webapps | Platform: PHP | |
| Aliases: N/A | Advisory/Source: Link | Tags: N/A | |
E-DB Verified:
 |
Exploit:
 Download
/
View Raw
|
Vulnerable App: N/A | |
source: http://www.securityfocus.com/bid/29959/info The Rat CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The Rat CMS Pre-Alpha 2 is vulnerable; other versions may also be affected. http://www.example.com/[trcms_path]/viewarticle.php/<XSS> http://www.example.com/[trcms_path]/viewarticle.php?id=<XSS>
Related Exploits
Trying to match CVEs (1): CVE-2008-5164Trying to match OSVDBs (1): 50004
Other Possible E-DB Search Terms: The Rat CMS
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2008-12-14 | |
|
The Rat CMS Alpha 2 - 'download.php' Remote | x0r |
| 2009-01-04 | |
|
The Rat CMS Alpha 2 - Blind SQL Injection | darkjoker |
| 2008-06-26 | |
|
The Rat CMS - viewarticle.php id Parameter SQL Injection | CWH Undergr... |
| 2008-06-26 | |
|
The Rat CMS - viewarticle2.php id Parameter Cross-Site Scripting | CWH Undergr... |
| 2008-06-26 | |
|
The Rat CMS - viewarticle2.php id Parameter SQL Injection | CWH Undergr... |
| 2009-09-09 | |
|
The Rat CMS Alpha 2 - Arbitrary File Upload | Securitylab.ir |
| 2008-12-15 | |
|
The Rat CMS Alpha 2 - Authentication Bypass | x0r |