1. A SQL injection vulnerability is detected in Eventy CMS v1.8 Plus, a web-based event calendar software. The vulnerability allows a remote attacker or a local low-privileged user account to execute SQL commands on the affected application DBMS. The SQL injection vulnerability is located in the eventy.php file with the bound vulnerable event_id parameter. Successful exploitation of the vulnerability results in DBMS and application compromise. Exploitation requires no user interaction and no privileged user account.
Vulnerable File(s):
[+] eventy.php
Vulnerable Parameter(s):
[+] event_id
2. A persistent input validation vulnerability is detected in Eventy CMS v1.8 Plus, a web-based event calendar software. The bug allows remote attackers to inject malicious script code on the application side (persistent). The persistent vulnerability is located in the Add Event module with the bound vulnerable Event Title and Event Location parameters. Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context manipulation. Exploitation requires low user interaction and a privileged web application user account.
Vulnerable Module(s):
[+] Add Event
Vulnerable Parameter(s):
[+] Event Title - Event Location
3. A non-persistent cross-site scripting vulnerability is detected in Eventy CMS v1.8 Plus, a web-based event calendar software. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with medium or high required user interaction or a local low-privileged user account. The vulnerability is located in the eventy.php page with the bound vulnerable selyear and selmonth parameters. Successful exploitation of the vulnerability results in account theft, client-side phishing or client-side content request manipulation.
Vulnerable File(s):
[+] eventy.php
Vulnerable Parameter(s):
[+] selyear - selmonth
Proof of Concept:
=================
1. The SQL injection vulnerability can be exploited by remote attackers without a privileged application user account and without required user interaction. For demonstration or to reproduce ...
2. The persistent input validation vulnerabilities can be exploited by remote attackers with low or medium required user interaction and a low-privileged user account. For demonstration or to reproduce ...
Manually reproduce ...
The attacker can create a new event and inject malicious code, i.e.
<iframe src=http://www.vulnerability-lab.com onload=alert("VL")</iframe>
in the Event Title and Event Location fields.
When the admin or any other user views the event, the code gets executed.
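
Mitigation sketch (added example, not code from Eventy or from this advisory): the PHP below shows one way to handle the three findings together, by range-checking event_id, selyear and selmonth as integers, binding event_id in a prepared statement, and HTML-encoding Event Title and Event Location on output. The events table, its columns, the helper names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not Eventy's code; table, column and helper names are assumed.
declare(strict_types=1);

// Accept only a decimal integer inside [min, max]; anything else yields null.
function int_param(array $src, string $key, int $min, int $max): ?int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Encode stored text for an HTML body or quoted attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// event_id is bound as a typed parameter, never concatenated into the SQL text.
function find_event(PDO $db, int $id): ?array
{
    $st = $db->prepare('SELECT title, location FROM events WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the application DBMS.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, location TEXT)');
$ins = $db->prepare('INSERT INTO events (title, location) VALUES (?, ?)');
$ins->execute(['<b>Launch</b> "party"', 'Room <1>']);   // markup stored as data

// Constructed requests: the first is valid, the second has a non-numeric id and month 13.
foreach ([['event_id' => '1', 'selyear' => '2012', 'selmonth' => '7'],
          ['event_id' => '1x', 'selyear' => '2012', 'selmonth' => '13']] as $get) {
    $id    = int_param($get, 'event_id', 1, PHP_INT_MAX);
    $year  = int_param($get, 'selyear', 1970, 2100);
    $month = int_param($get, 'selmonth', 1, 12);
    if ($id === null || $year === null || $month === null) {
        echo "400 rejected: parameters must be integers in range\n";
        continue;
    }
    $ev = find_event($db, $id);
    if ($ev === null) { echo "404 no such event\n"; continue; }
    printf("<h2>%s</h2><p>%s (%04d-%02d)</p>\n", h($ev['title']), h($ev['location']), $year, $month);
}
```

Encoding at output time covers events that were already stored with markup in the title or location, which input filtering added later would not.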