← Advisories

Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities

Medium
Advisory ID
ZSL-2015-5238
Release Date
07 April 2015
Vendor
BaleroCMS Software - http://www.balerocms.com
Affected Version
0.7.2
CVE
N/A
Tested On
Apache 2.4.10 (Win32), PHP 5.6.3, MySQL 5.6.21
Summary

Balero CMS is an open source project that can help you manage the page of your company with just a few guided steps, minimizing the costs that many companies make to have your advertising medium and/or portal.

Description

The application suffers from multiple blind SQL injection vulnerabilities when input is passed to several POST parameters thru their affected modules which are not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Proof of Concept
balerocms_bsqli.txtTXT
Disclosure Timeline
04.03.2015Vulnerabilities discovered.
13.03.2015Contact with the vendor.
13.03.2015Vendor responds asking more details.
14.03.2015Sent details to the vendor.
15.03.2015Vendor confirms issues, working on fix.
15.03.2015Vendor schedules patch release date.
03.04.2015Asked vendor for status update.
03.04.2015Vendor finishing core update, preparing patch.
05.04.2015Vendor releases version 0.8.3 to address these issues.
07.04.2015Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.balerocms.com/blog/main/id-190
[2]http://www.balerocms.com/blog/main/id-193
[3]https://github.com/neblina-software/balerocms-src/releases
[4]http://packetstormsecurity.com/files/131323
[5]http://cxsecurity.com/issue/WLB-2015040045
[6]https://exchange.xforce.ibmcloud.com/vulnerabilities/102062
[7]http://www.exploit-db.com/exploits/36675/
[8]http://osvdb.org/show/osvdb/120389
[9]http://osvdb.org/show/osvdb/120390
[10]http://osvdb.org/show/osvdb/120391
[11]http://osvdb.org/show/osvdb/120392
Changelog
07.04.2015Initial release
08.04.2015Added reference [4], [5], [6] and [7]
09.04.2015Added reference [8], [9], [10] and [11]