Signature Detail
Short Name |
HTTP:SQL:INJ:SYNDEO-CMS-USRNAME |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
SyndeoCMS SQL Injection Vulnerability |
Release Date |
2011/03/31 |
Update Number |
1892 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: SyndeoCMS SQL Injection Vulnerability
This signature detects attempts to exploit a known SQL Injection vulnerability in SyndeoCMS content manager. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
SyndeoCMS is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SyndeoCMS 2.8.02 is vulnerable; other versions may also be affected.
Affected Products
- SyndeoCMS 2.5.01
- SyndeoCMS 2.8.02
- SyndeoCMS SynedoCMS 2.6.0
- SyndeoCMS SynedoCMS 2.6.02
References
- BugTraq: 47018
- URL: http://www.syndeocms.org/