Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:PHP:CONSTRUCTR-CMS-MUL

Severity

 Minor

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Constructr CMS Multiple Vulnerabilities

Release Date

 2011/03/25

Update Number

 1889

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Constructr CMS Multiple Vulnerabilities


This signature detects attempts to exploit multiple known vulnerabilities in Constructr CMS. An attacker can steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Extended Description

Constructr CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Constructr CMS 3.03.0 is vulnerable; other versions may also be affected.

Affected Products

  • Constructr_cms constructr_cms 3.03.3

References

  • BugTraq: 46842
  • URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5001.php
  • URL: http://constructr-cms.org/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out