17 July 2007, 14:04

Holes in ActiveWeb Contentserver CMS

German service provider RedTeam Pentesting has published several security advisories to report vulnerabilities in the ActiveWeb Contentserver 5.x content management system. Despite defined restrictions, users with editor rights can, for instance, create documents in any location or may exploit an SQL injection vulnerability to inject arbitrary commands and to manipulate the database.

It is also possible to manipulate the WYSIWYG interface to embed JavaScript code in documents, although this should be prevented. To do so, an editor must manipulate two POST requests when saving the document. Finally, two cross-site scripting vulnerabilities have been detected in ActiveWeb Contentserver. Affected versions include 5.6.2929 and prior versions. The bug has been fixed in version 5.6.2964.

Also on The H:

Share this article

Holes in ActiveWeb Contentserver CMS

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit