Benja CMS 0.1 - '/admin/admin_edit_submenu.php' Cross-Site Scripting

Author: CWH Underground
type: webapps
platform: php
port: 
date_added: 2008-06-23 
date_updated: 2014-02-27 
verified: 1 
codes: CVE-2008-2987;OSVDB-46733 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/29884/info

The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that allows unauthorized access to an administrative script.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to run arbitrary script code in the context of the application, or to access administrative scripts.

These issues affect 'benja CMS 0.1'; other versions may also be affected.

http://www.example.com/[benjacms_path]/admin/admin_edit_submenu.php/<XSS>