NULL NUKE CMS v2.2 Multiple Vulnerabilities

Title: NULL NUKE CMS v2.2 Multiple Vulnerabilities
Advisory ID: ZSL-2014-5185
Type: Local/Remote
Impact: Spoofing, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 28.04.2014
Summary
NULL-8x3-NUKE is a fast, powerful and secure cross platform CMS for windows and Linux using base or full drive paths.
Description
NULL NUKE CMS suffers from multiple remote vulnerabilities including Stored/Reflected XSS, SQL Injection, Arbitrary File Upload, RCE, Arbitrary File Deletion, Arbitrary File Access using absolute path and/or traversal, Open Redirection, Parameter Traversal, and Cross-Site Request Forgery.
Vendor
nullwanton - http://sourceforge.net/projects/nullnuke/
Affected Version
2.2 and 2.1 rc3
Tested On
Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14
Vendor Status
N/A
PoC
nullnuke_mv.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.com/files/126384
[2] http://cxsecurity.com/issue/WLB-2014040188
[3] http://www.securityfocus.com/bid/67105
[4] http://www.exploit-db.com/exploits/33091/
[5] https://secunia.com/advisories/58294/
[6] http://www.osvdb.org/show/osvdb/106430
[7] http://www.osvdb.org/show/osvdb/106431
[8] http://www.osvdb.org/show/osvdb/106432
[9] http://www.osvdb.org/show/osvdb/106433
[10] http://www.osvdb.org/show/osvdb/106434
[11] http://www.osvdb.org/show/osvdb/106435
[12] http://www.osvdb.org/show/osvdb/106436
Changelog
[28.04.2014] - Initial release
[29.04.2014] - Added reference [1], [2], [3] and [4]
[30.04.2014] - Added reference [5], [6], [7], [8], [9], [10], [11] and [12]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk