NetCat CMS Multiple Vulnerabilities

Published: 2015-03-03 12:14:58

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary:
The host is installed with NetCat CMS and is prone to multiple vulnerabilities.

Detection Method:
Send a crafted request via HTTP GET and check whether it redirects to the malicious website.

Technical Details:
Multiple flaws are due to input passed via, - 'redirect_url' parameter to 'netshop/post.php' is not properly validated. - 'site' parameter to 'modules/redir/?' is not properly validated. - 'url' parameter to 'redirect.php?' is not properly validated.

Impact:
Successful exploitation will allow remote attackers to arbitrary URL redirection, disclosure or modification of sensitive data.

Affected Versions:
NetCat CMS version 5.01, 3.12, 3.0, 2.4, 2.3, 2.2, 2.1, 2.0 and 1.1

Recommendations:
Update to NetCat CMS 5.5 or later.

Solution Type:
Vendor Patch

Detection Type:
exploit

References:

http://seclists.org/fulldisclosure/2015/Mar/8
http://seclists.org/fulldisclosure/2015/Mar/9
http://securityrelated.blogspot.in/2015/02/netcat-cms-multiple-url-redirection.html
http://netcat.ru

Search
Severity
Medium
CVSS Score
5.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.