HTTP: Constructr CMS Multiple Vulnerabilities

This signature detects attempts to exploit multiple known vulnerabilities in Constructr CMS. An attacker can steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Extended Description

Constructr CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Constructr CMS 3.03.0 is vulnerable; other versions may also be affected.

Affected Products

Constructr_cms constructr_cms

Short Name
HTTP:PHP:CONSTRUCTR-CMS-MUL
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CMS Constructr Multiple Vulnerabilities bid:46842
Release Date
03/25/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Constructr_cms

Found a potential security threat?