J-Security Center

Title: Yerba SACphp 6.3 Multiple Remote Vulnerabilities

Severity: HIGH

Description:

SACphp is a module for the Yerba portal system.

The application is prone to multiple remote vulnerabilities:

1. A remote privilege-escalation vulnerability occurs because the application fails to sufficiently sanitize base64-encoded data passed to the 'SID' parameter of the 'index.php' script.

2. A vulnerability occurs that may allow attackers to gain access to the content contained in the database. This issue occurs because the application fails to sufficiently sanitize user-supplied input to the 'SID' parameter of the 'index.php' script. Specifically, if an attacker sets the 'SID' parameter to 'Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==', then the attacker can gain access to the content contained in the database.

3. An unauthorized-access vulnerability may allow attackers to add arbitrary administrative accounts to the affected application. This issue occurs when the 'SID' parameter of the 'index.php' script is set to 'JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ=='.

4. An authentication-bypass vulnerability occurs because the application fails to adequately verify user-supplied input used for cookie-based authentication credentials. Attackers can exploit this issue by setting the value of the 'galleta[sesion]' parameter to 'MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=='.

Attackers can exploit these issues to gain unauthorized administrative access to the affected application, compromise the application, and obtain sensitive information. Other attacks are also possible.

Yerba SACphp 6.3 is vulnerable; other versions may also be affected.
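The following detection script is an added example for this advisory; it is not part of the J-Security Center text and not code from the Yerba/SACphp project. It scans web-server access logs for the indicator values quoted in items 2, 3 and 4 above and reports two lower-confidence heuristics alongside them: a 'SID' value that base64-decodes to query-string-like data (the advisory notes the parameter carries base64-encoded data), and a 'galleta[sesion]' cookie that decodes to text containing a quote character. The log format (host, timestamp, request line, status, Cookie header) and the sample lines are constructed assumptions; adapt `LOG_RE` to whatever your server actually writes, and note that the Cookie header must be logged for the cookie check to work.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Indicator values copied verbatim from the advisory text.
ADVISORY_SID_VALUES = {
    "Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==",  # item 2: database content access
    "JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==",  # item 3: adds an administrative account
}
ADVISORY_SESSION_VALUE = "MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="  # item 4: forged session cookie

# Hypothetical (constructed) log format: host [timestamp] "METHOD target PROTO" status "Cookie header".
LOG_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) "([^"]*)"$')

# Constructed sample log: three lines carrying the advisory's values, one benign request.
SAMPLE_LOG = """\
203.0.113.7 [10/Oct/2008:13:55:36 +0000] "GET /sacphp/index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ== HTTP/1.1" 200 "-"
203.0.113.7 [10/Oct/2008:13:56:01 +0000] "GET /sacphp/index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ%3D%3D HTTP/1.1" 200 "-"
203.0.113.7 [10/Oct/2008:13:57:12 +0000] "GET /sacphp/index.php HTTP/1.1" 200 "galleta%5Bsesion%5D=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw%3D%3D; lang=es"
198.51.100.4 [10/Oct/2008:14:02:44 +0000] "GET /sacphp/index.php?SID=aGVsbG8= HTTP/1.1" 200 "lang=es"
"""


def b64_text(value):
    """Decode a base64 value to text; None if it is not valid base64 or not UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def query_params(query):
    """Split a query string on '&' and the first '=', percent-decoding but keeping '+' (a base64 character)."""
    params = {}
    for pair in query.split("&"):
        name, _, val = pair.partition("=")
        params.setdefault(unquote(name), []).append(unquote(val))
    return params


def parse_cookies(header):
    """Turn a Cookie header into a name -> value dict; names and values are percent-decoded."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, val = part.strip().partition("=")
            cookies[unquote(name)] = unquote(val.strip())
    return cookies


def inspect_request(line):
    """Return (host, timestamp, severity, reason, detail) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    host, ts, _method, target, _status, cookie_header = m.groups()
    findings = []
    parts = urlsplit(target)
    if parts.path.endswith("/index.php") and parts.query:
        for sid in query_params(parts.query).get("SID", []):
            if sid in ADVISORY_SID_VALUES:
                findings.append(("high", "SID matches advisory exploit value", sid))
            else:
                decoded = b64_text(sid)
                # Heuristic: surface SIDs that embed key=value&... data so an analyst can review them.
                if decoded is not None and "&" in decoded and "=" in decoded:
                    findings.append(("review", "SID base64-decodes to query-string-like data", decoded))
    session = parse_cookies(cookie_header).get("galleta[sesion]")
    if session is not None:
        if session == ADVISORY_SESSION_VALUE:
            findings.append(("high", "galleta[sesion] matches advisory forged-session value", session))
        else:
            decoded = b64_text(session)
            # Heuristic: a quote character inside an authentication cookie has no legitimate use.
            if decoded is not None and "'" in decoded:
                findings.append(("medium", "galleta[sesion] decodes to text containing a quote", decoded))
    return [(host, ts, *f) for f in findings]


def scan_log(text):
    """Run inspect_request over every line of an access log and collect the findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(inspect_request(line))
    return findings


if __name__ == "__main__":
    for host, ts, severity, reason, detail in scan_log(SAMPLE_LOG):
        print(f"{severity.upper():6} {host} {ts} {reason}: {detail}")
```

Exact matches against the advisory values are high confidence; the two decode-based heuristics are there to catch variants and should be tuned against a baseline of the application's normal 'SID' and cookie traffic before being used for alerting. The script does not reverse or interpret the decoded payloads, it only exposes them to the analyst.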

Affected Products:

  • Yerba SACphp 6.3
