724CMS 5.01 / 4.59 / 4.01 / 3.01 Information Leakage

2015.03.17
Credit: Wang Jing
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

*724CMS 5.01 Multiple Information Leakage Security Vulnerabilities* Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend) Impact Subscore: 2.9 Exploitability Subscore: 10.0 Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] *Suggestion Details:* *(1) Vendor & Product Description:* *Vendor:* 724CMS Enterprise *Product & Vulnerable Versions:* 724CMS 3.01 4.01 4.59 5.01 *Vendor URL & download:* 724CMS can be got from here, http://724cms.com/ *Product Introduction Overview:* 724CMS is a content management system (CMS) that has large customers spread in Canada, Japan, Korean, the United States and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS provides procedures to manage workflow in a collaborative environment. *(2) Vulnerability Details:* 724CMS web application has a security bug problem. It can be exploited by information leakage attacks - Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Several 724CMS products vulnerabilities have been found by some other bug hunter researchers before. 724CMS has patched some of them. NVD is the U.S. government repository of standards based vulnerability management data (This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA)). It has published suggestions, advisories, solutions related to 724CMS vulnerabilities. *(2.1)* The first code programming flaw occurs at "index.php" page with "&Lang", "&ID" parameters. *(2.2)* The second code programming flaw occurs at "section.php" page with "&Lang", "&ID" parameters. *References:* http://tetraph.com/security/information-leakage-vulnerability/724cms-5-01-information-leakage-security-vulnerabilities/ http://securityrelated.blogspot.com/2015/03/724cms-501-information-leakage-security.html http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-information-leakage-security-vulnerabilities/ http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-information-leakage-security-vulnerabilities/ https://infoswift.wordpress.com/2015/03/14/724cms-5-01-information-leakage-security-vulnerabilities/ http://marc.info/?l=full-disclosure&m=142576280203098&w=4 http://en.hackdig.com/wap/?id=17055 -- Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://twitter.com/tetraphibious

References:

http://tetraph.com/security/information-leakage-vulnerability/724cms-5-01-information-leakage-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/03/724cms-501-information-leakage-security.html
http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-information-leakage-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-information-leakage-security-vulnerabilities/
https://infoswift.wordpress.com/2015/03/14/724cms-5-01-information-leakage-security-vulnerabilities/
http://marc.info/?l=full-disclosure&m=142576280203098&w=4
http://en.hackdig.com/wap/?id=17055


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top