Tugux CMS 1.2 Multiple Remote Vulnerabilities

Title: Tugux CMS 1.2 Multiple Remote Vulnerabilities
Advisory ID: ZSL-2011-5014
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting
Risk: (4/5)
Release Date: 22.05.2011
Summary
Tugux CMS is a free, open-source content Management system (CMS) and application that powers the entire web.
Description
The application suffers from multiple issues including: reflected and stored xss, sql Injection, local file inclusion, url redirection. Vulnerable parameters include: 'name', 'comment', 'nid', 'submit1', 'email', 'topic_id'.
Vendor
Tugux Studios - http://www.tugux.com
Affected Version
1.2
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
[02.04.2011] Vulnerabilities discovered.
[08.04.2011] Vendor contact.
[17.05.2011] Vendor replies asking more details.
[17.05.2011] Sent vendor report file, asking verification.
[20.05.2011] No response from vendor.
[21.05.2011] Sent another e-mail asking for any info.
[21.05.2011] No reply from vendor.
[22.05.2011] Public advisory released.
PoC
tugux_mv.txt
tugux_raw_02042011.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/17312/
[2] http://packetstormsecurity.org/files/101604
[3] http://securityreason.com/wlb_show/WLB-2011050079
[4] http://secunia.com/advisories/44663/
[5] http://www.securityfocus.com/bid/47939
[6] http://xforce.iss.net/xforce/xfdb/67582
[7] http://xforce.iss.net/xforce/xfdb/67583
[8] http://xforce.iss.net/xforce/xfdb/67584
[9] http://osvdb.org/show/osvdb/72844
[10] http://osvdb.org/show/osvdb/72845
[11] http://osvdb.org/show/osvdb/72846
[12] http://osvdb.org/show/osvdb/72847
Changelog
[22.05.2011] - Initial release
[23.05.2011] - Added reference [2], [3], [4] and [5]
[24.05.2011] - Added reference [6], [7] and [8]
[13.06.2011] - Added reference [9], [10], [11] and [12]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk