lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <54A43F3F.9060500@karmainsecurity.com> Date: Wed, 31 Dec 2014 19:23:59 +0100 From: Egidio Romano <research@...mainsecurity.com> To: bugtraq@...urityfocus.com, fulldisclosure@...lists.org Subject: [FD] [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability ------------------------------------------------------------------- Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability ------------------------------------------------------------------- [-] Software Link: http://osclass.org/ [-] Affected Versions: Version 3.4.2 and probably prior versions. [-] Vulnerability Description: The vulnerability exists because user input passed through the "alert" parameter when subscribing to a search alert is not properly validated before being stored into the DB (s_search field of the oc_t_alerts table). This can be exploited by unauthenticated attackers to inject arbitrary SQL commands via several parameters passed to the "Search::setJsonAlert()" method, which are later used to make a SQL query within the "Search::doSearch()" method. NOTE: this vulnerability might be abused to reset the administrator's password and consequently gain access to the administration panel in order to achieve arbitrary PHP code execution. [-] Solution: Update to version 3.4.3 or later. [-] Disclosure Timeline: [29/09/2014] - Vendor notified [29/09/2014] - Vendor response [09/10/2014] - Version 3.4.3 released: http://blog.osclass.org/2014/10/09/osclass-3-4-3 [09/10/2014] - CVE number requested [11/10/2014] - CVE number assigned [31/12/2014] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-8083 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-14 _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists