Tugux CMS 1.2 Multiple Remote Vulnerabilities

The application suffers from multiple issues including: reflected and stored xss, sql Injection, local file inclusion, url redirection. Vulnerable parameters include: ‘name’, ‘comment’, ‘nid’, ‘submit1′, ‘email’, ‘topic_id’.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5014.php

Comment are closed.