MC Content Manager suffers from path disclosure and remote SQL injection vulnerabilities.
-------------------------
Affected products:
-------------------------
Only versions of MC Content Manager other than the latest are vulnerable.
----------
Details:
----------
Full path disclosure (WASC-13):
http://site/article.php?root=a
SQL Injection (WASC-19):
http://site/article.php?root=-1%20and%20version()=4
------------
Timeline:
------------
2010.11.16 - announced at my site.
2010.11.17 - informed developers.
2011.01.22 - disclosed at my site.
I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/4687/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
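
A log check for the two request patterns listed under Details, as an added example that is not part of the original advisory: it flags article.php requests whose root value is not a plain non-negative integer. The log format, the sample lines, and the assumption that legitimate root values are numeric ids are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); IPs and times are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Jan/2011:10:00:01 +0000] "GET /article.php?root=12 HTTP/1.1" 200 5120
192.0.2.11 - - [22/Jan/2011:10:00:05 +0000] "GET /article.php?root=a HTTP/1.1" 200 312
192.0.2.12 - - [22/Jan/2011:10:00:09 +0000] "GET /article.php?root=-1%20and%20version()=4 HTTP/1.1" 200 298
192.0.2.13 - - [22/Jan/2011:10:00:12 +0000] "GET /index.php?root=a HTTP/1.1" 200 900
192.0.2.14 - - [22/Jan/2011:10:00:15 +0000] "GET /article.php HTTP/1.1" 200 4000
"""

# Client IP and request target from one access-log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: a legitimate root value is a short decimal id and nothing else.
VALID_ROOT = re.compile(r"[0-9]{1,10}")


def suspicious_root_requests(log_text):
    """Return (client_ip, decoded_root) for article.php requests with a non-numeric root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/article.php"):
            continue
        # parse_qs URL-decodes the value, so %20 and similar encodings are normalized
        # before the check; keep_blank_values also catches an empty "root=".
        for value in parse_qs(url.query, keep_blank_values=True).get("root", []):
            if not VALID_ROOT.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_root_requests(SAMPLE_LOG):
        print(f"{ip}\troot={value!r}")
```

The same integer-only rule belongs in the application itself: rejecting any non-numeric root before it reaches the query removes both the error that leaks the path and the injection point.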