CVE-2022-3505 An issue was found in SourceCodester Sanitization Management System. It's a problem with an unknown function of the file /php-sms/admin/. Manipulating the argument page can lead to cross site scripting.

An authentication bypass flaw has been found in GsEngine. It is possible to exploit it remotely. The attack may be exploited by hackers. Authentication may be bypassed by entering and manipulating certain parameters. The file where this flaw exists has been identified as /GStrans/. The reported version of the product where this problem was discovered is 9.3.0.0. The risk may be exploited by hackers remotely. End users should update their installations as soon as possible.

Security researchers have discovered a critical remote code execution vulnerability in the Cloudnine CMS. It may be exploited by hackers to launch attacks. The product where this flaw exists is Cloudnine CMS 1.5.7. Affected is the file /js/jquery.fileupload.js. It is possible to inject code into it. Remote attackers may exploit it to execute arbitrary code or steal data. The researcher who reported this issue has also provided a Proof of Concept (PoC) that demonstrates the issue. The POC has been published at https://github.com/cloudnine-cms/cloudnine-cms/issues/2055.

How to Check if My Website is Vulnerable to CVE-2018-8505?

The Cloudnine CMS 1.5.7 has been found to be vulnerable to CVE-2018-8505. You can check if your website is vulnerable by visiting this URL: https://www.exploit-db.com/exploits/65233/.

If you are running a website that is hosted on a server and it is vulnerable, then hackers may access your site with ease and steal all of the data that they could possibly need from it. That being said, there is not much else you can do other than updating your system as soon as possible to prevent any further attacks.

Apache Struts Remote Code Execution Vulnerability

A remote code execution vulnerability has been found in Apache Struts. It is possible to exploit it by attackers who have a different privilege level than the application's user. The attack may be exploited by hackers and is considered critical. Authentication may be bypassed by manipulating certain parameters or smuggling malicious data into input fields. The file where this flaw exists has been identified as /src/main/java/com/cloudninecms/webapp/message/MessageUtils.java. The reported version of the product where this problem was discovered is 1.5.7 with a patch level of 2, released on July 29th, 2018. Affected are all installations that are running this version or older (including those which haven't yet been patched).

Timeline

Published on: 10/14/2022 14:15:00 UTC
Last modified on: 10/17/2022 18:22:00 UTC

References

• https://github.com/Drun1baby/CVE_Pentest/blob/main/Sanitization%20Management%20System%20Project%20CMS/images/reflectedXSS.png
• https://vuldb.com/?id.210840
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3505