Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha

Posted by Steffen Rösemann on Jan 22

Advisory:
Advisory ID: SROEADV-2015-10
Author: Steffen Rösemann
Affected Software: ferretCMS v. 1.0.4-alpha
Vendor URL: https://github.com/JRogaishio/ferretCMS
Vendor Status: vendor will patch eventually
CVE-ID: –

Tested on:

– Firefox 35, Iceweasel 31
– Mac OS X 10.10, Kali Linux 1.0.9a

==========================
Vulnerability Description:
==========================

The content management system ferretCMS v.1.0.4, which is currently in
alpha…

Leave a Reply