Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:CONSTRUCTR-CMS-MUL

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Constructr CMS XSS and SQL Injection

Release Date

 2011/03/25

Update Number

 1889

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Constructr CMS Multiple Vulnerabilities


This signature detects attempts to exploit multiple known vulnerabilities in Constructr CMS. An attacker can steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Extended Description

Constructr CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Constructr CMS 3.03.0 is vulnerable; other versions may also be affected.

Affected Products

  • Constructr CMS 3.03.3

References

  • BugTraq: 46842
  • URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5001.php
  • URL: http://constructr-cms.org/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out