VID 21444
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The host seems to be running MySQL Eventum, which has multiple vulnerabilities.
Eventum is a flexible issue tracking system written in PHP that uses a MySQL backend database. Eventum versions 1.3.1 and earlier are affected by multiple vulnerabilities, which a remote attacker can exploit to conduct cross-site scripting and script insertion attacks and potentially bypass certain security restrictions.

1. Input passed to the "email" parameter in "index.php" and "forgot_password.php", and to the "title" and "outgoing_sender_name" parameters in "projects.php", is not properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

2. Input passed to the "full_name", "sms_email", "list_refresh_rate", and "emails_refresh_rate" parameters in "preferences.php" is not properly sanitized before being used. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in the context of an affected site when the malicious user data is viewed.

3. Eventum has an undocumented default administrator account (system-account@example.com) with a default password stored as an MD5 hash.
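
For triage on a host that ran an affected version, the script and parameter pairs from items 1 and 2 can be checked in web server access logs. The following is an added example, not part of the original advisory or of Eventum; it assumes combined-format log lines with the parameters in the query string (values sent in POST bodies are not visible there), and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script -> parameters named in items 1 and 2 of the advisory.
WATCHED = {
    "index.php": {"email"},
    "forgot_password.php": {"email"},
    "projects.php": {"title", "outgoing_sender_name"},
    "preferences.php": {"full_name", "sms_email",
                        "list_refresh_rate", "emails_refresh_rate"},
}
NUMERIC = {"list_refresh_rate", "emails_refresh_rate"}  # expected to hold digits only
MARKUP = re.compile(r'[<>"]')  # characters needed to break out into HTML markup
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters worth review."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name not in WATCHED.get(script, ()):
            continue
        value = unquote(value)  # second decoding pass catches double-encoded input
        non_numeric = name in NUMERIC and value != "" and not value.isdigit()
        if MARKUP.search(value) or non_numeric:
            hits.append((script, name, value))
    return hits

def scan(lines):
    """Run the check over an iterable of log lines and collect every hit."""
    return [hit for line in lines for hit in suspicious_params(line)]

# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /eventum/index.php?email=alice%40example.com HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2005:10:00:05 +0000] "GET /eventum/forgot_password.php?email=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 4711',
    '192.0.2.44 - - [01/Jan/2005:10:00:09 +0000] "GET /eventum/preferences.php?list_refresh_rate=5%22%3E HTTP/1.1" 200 3980',
    '192.0.2.10 - - [01/Jan/2005:10:00:12 +0000] "GET /eventum/list.php?email=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for script, name, value in scan(SAMPLE_LOG):
        print(f"{script}: {name}={value!r}")
```

A hit marks a request for manual review, not a confirmed exploitation attempt.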

* References:
http://secunia.com/advisories/13677/
http://www.cirt.net/advisories/eventum_xss.shtml
http://www.cirt.net/advisories/eventum_backdoor.shtml
http://bugs.mysql.com/bug.php?id=7551
http://bugs.mysql.com/bug.php?id=7552
http://www.osvdb.org/12605
http://www.osvdb.org/12606
http://www.osvdb.org/12607
http://www.osvdb.org/12608
http://www.osvdb.org/12609

* Platforms Affected:
MySQL AB Eventum 1.1 through 1.3.1
Any operating system Any version
Recommendation Upgrade to the new version of Eventum (1.4 or later) at http://mysql.timesoft.cc/downloads/other/eventum/index.html
Related URL (CVE)
Related URL 12133 (SecurityFocus)
Related URL 18713,18714,18715,18716 (ISS)