Archive for November 29th, 2013

Ametys CMS 3.5.2 (lang parameter) XPath Injection Vulnerability

Input passed via the ‘lang’ POST parameter in the newsletter plugin is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code.

ametys-xpath-injection

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5162.php