Expinion.net Member Management System 2.1 and News Manager Lite 2.5 contain several vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks, inject SQL commands or gain access to an administrator's account. This may result in the execution of arbitrary script or code, disclosure of sensitive information or modification and deletion of existing data.
The first vulnerability exists when parsing requests for HTML code in a certain script. The system fails to properly filter user-supplied data before saving the information to the system. An attacker can create a specially crafted request with malicious script that, when viewed, executes in the security context of the web site.
The second vulnerability allows the
attacker to inject SQL commands to execute on the system. Certain scripts fail to validate input supplied to the identification parameter before used in SQL queries. An attacker can create a request with a malicious URL that causes the system to execute SQL code and manipulate or disclose sensitive information.
The third vulnerability exists only in Member Management System. The register.asp script allows a cross site scripting attack to delete or change a user.
The fourth vulnerability exists in News Manager Lite when authenticating into the system. The system fails to properly verify the administrator session. An attacker can use a easily forge a cookie to gain access to the admin account.