|Network Security Consulting Advisories Article
| Bugtraq ID: || 53788 |
| Class: || Input Validation Error |
| CVE: || |
| Remote: || Yes |
| Local: || No |
| Published: || Jun 05 2012 12:00AM |
| Updated: || Jun 25 2012 09:30PM |
| Credit: || KedAns-Dz |
| Vulnerable: || Zoph Zoph 0.9pre2 |
| Not Vulnerable: || |
Security Discussion
Zoph is prone to multiple remote security vulnerabilities, which include:
1. An arbitrary download vulnerability.
2. An SQL-injection vulnerability.
3. A cross-site request-forgery vulnerability.
Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and gain access to sensitive information. Other attacks are also possible.
Zoph 0.9pre2 is vulnerable; other versions may also be affected.
Note: This BID is being retired. The issue cannot be exploited as described.
Proof of Concept and Security Exploits
Attackers can use a browser to exploit these issues.
The following example inputs are available:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.