The vulnerabilities could be exploited by remote attackers to take complete control over targeted web servers and steal sensitive user information.
The first vulnerability, tracked as CVE-2019-17132, is a remote code execution flaw reported by security researcher Egidio Romano.
The vulnerability resides in the way
“User input passed through the “data
Proof of code is available at the following URL:
The remaining critical vulnerabilities addressed by
“1) User input passed through
2) User input passed through keys of the “where” parameter to the “ajax/api/widget/getWidgetList” endpoint is not properly validated before being used in an SQL query. This can be exploited to e.g. read sensitive data from the database through time-based SQL injection attacks. Successful exploitation of this vulnerability requires an user account with the “canusesitebuilder” permission.
Romano reported all the flaws to the