
11in1 CMS v1.0.1 (do.php) CRLF Injection Vulnerability

Risk: Medium
Advisory ID: ZSL-2011-5055
Release Date: 08 November 2011
Vendor:
Affected Version: 1.0.1
CVE: N/A
Tested On: Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, MySQL 5.5.16, PHP 5.3.8
Summary

Eleven in One is an open-source content management system (CMS) powered by PHP and MySQL. It not only helps you manage your personal blog but also maintains your postings on social networks. By keeping the data transmitted to and from the blog consistent, this CMS sustains continuous harmonization of your data over time.

Description

Input passed to the 'content' POST parameter of '/admin/do.php' is only run through htmlspecialchars() (line 2091), which encodes HTML metacharacters but leaves carriage-return and line-feed characters intact, and is then interpolated unencoded into the Location header on line 2112. A value containing CR/LF can therefore be used to insert arbitrary HTTP headers into the response sent to the user (HTTP response splitting). Note that the vulnerable branch is only reached by a POST request from a session with $_SESSION['admin'] == 1, i.e. by an authenticated administrator.

/admin/do.php
----------------
2088: // update status
2089: else if(($action == "postStatus")&&($_SERVER["REQUEST_METHOD"] == "POST")&&($_SESSION['admin'] == 1))
2090: {
2091: $content = htmlspecialchars($_POST['content']);
2092:
2093: // Get database information
2094: $Database = new Database;
2095: $info = $Database->getInfo();
2096:
2097: // connect to database
2098: $conn = mysql_connect($info[0], $info[1], $info[2]);
2099: mysql_select_db($info[3], $conn);
2100:
2101: $date = date("Y-m-d H:i:s");
2102:
2103: // clear table
2104: $result = mysql_query("INSERT INTO 11in1_streamline (content, date) VALUES ('$content', '$date')");
2105:
2106: // close connection to db
2107: mysql_close($conn);
2108:
2109: // prepare success message
2110: $_SESSION['msg'] = array("title" => $lang_backend_request_executed, "msg" => $lang_backend_statusPosted, "url" => "streamline.php", "button" => $lang_error_goBack);
2111:
2112: header("Location: msg.php?connect=yes&status=$content");
2113: }
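To make the mechanism concrete, the following is an added example in Python (not code from this advisory or from 11in1) that models the Location header built on line 2112, shows how a CR/LF inside the 'content' value splits the response into an extra header as seen by a client, and contrasts it with the hardened form that percent-encodes the query-string value. It also models the line-break check PHP's own header() function applies, because on the tested PHP 5.3.8 that check refuses a bare CR/LF but still lets through a line break followed by a space or tab (RFC 2616 line folding, removed in 5.4.38 / 5.5.22 / 5.6.6, CVE-2015-8935). The function names, the payload and the toy response parser are all constructed here for the demonstration.

```python
# Added example (not code from the ZSL-2011-5055 advisory or from 11in1): models
# the Location header built on do.php line 2112, shows how a CR/LF in the
# 'content' value splits the response, and contrasts the hardened form.
# All inputs below are constructed for the demonstration.
from urllib.parse import quote, unquote

CRLF = "\r\n"


def location_header_vulnerable(content: str) -> str:
    """As in do.php: the value (only htmlspecialchars'd upstream, which leaves
    CR and LF untouched) is interpolated raw into the Location header."""
    return f"Location: msg.php?connect=yes&status={content}"


def location_header_fixed(content: str) -> str:
    """Hardened form: percent-encode the value as a query-string component,
    so CR/LF become %0D%0A and cannot terminate the header line."""
    return f"Location: msg.php?connect=yes&status={quote(content, safe='')}"


def build_response(header_line: str) -> bytes:
    """Minimal 302 response as a server would emit it on the wire."""
    return f"HTTP/1.1 302 Found{CRLF}{header_line}{CRLF}{CRLF}".encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Split the head of the response on CRLF the way an HTTP client does."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split(CRLF)[1:]:       # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def php_header_rejects(value: str) -> bool:
    """Model of the line-break check PHP's header() has applied since 5.1.2
    ("Header may not contain more than a single header, new line detected").
    A bare LF, or a CR not followed by LF, is refused unless the next byte is
    SP or HT: PHP before 5.4.38 / 5.5.22 / 5.6.6 still accepted that RFC 2616
    line folding (CVE-2015-8935), which is what kept header() injection alive."""
    for i, ch in enumerate(value):
        nxt = value[i + 1] if i + 1 < len(value) else ""
        if ch == "\n" or (ch == "\r" and nxt != "\n"):
            if nxt not in (" ", "\t"):
                return True
    return False


# Constructed attacker input as it reaches $content after PHP decodes the POST
# body: a CRLF followed by an injected Set-Cookie header.
PAYLOAD = unquote("ok%0d%0aSet-Cookie:%20PHPSESSID=attacker")


def demo():
    """Return (headers seen by the client with the vulnerable code,
    headers seen by the client with the fixed code)."""
    vuln = parse_headers(build_response(location_header_vulnerable(PAYLOAD)))
    fixed = parse_headers(build_response(location_header_fixed(PAYLOAD)))
    return vuln, fixed


if __name__ == "__main__":
    v, f = demo()
    print("vulnerable:", v)
    print("fixed:     ", f)
```

The practical fix for line 2112 is the same as location_header_fixed(): build the query string with rawurlencode($content) (or http_build_query()) instead of string interpolation. htmlspecialchars() is an HTML-context encoder and says nothing about whether a value is safe inside an HTTP header.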
Proof of Concept
Disclosure Timeline
07.11.2011 Bug reported to the vendor.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
08.11.2011 Initial release
09.11.2011 Added reference [3] and [4]
15.11.2011 Added reference [5]
17.09.2012 Added reference [6] and [7]