ImpressPages CMS v3.6 Multiple XSS/SQLi Vulnerabilities

Title: ImpressPages CMS v3.6 Multiple XSS/SQLi Vulnerabilities
Advisory ID: ZSL-2013-5157
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting
Risk: (3/5)
Release Date: 31.10.2013
Summary
ImpressPages CMS is an open source web content management system with revolutionary drag & drop interface.
Description
Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user's browser session in context of an affected site.
Vendor
ImpressPages UAB - http://www.impresspages.org
Affected Version
3.6
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a
Vendor Status
[12.10.2013] Vulnerabilities discovered.
[20.10.2013] Contact with the vendor.
[20.10.2013] Vendor responds asking more details.
[22.10.2013] Sent details to the vendor.
[22.10.2013] Vendor working on reported issues.
[22.10.2013] Asked vendor for estimated timeframe for developing patches.
[24.10.2013] Vendor confirms the issues promising fix.
[29.10.2013] Vendor releases version 3.7 to address these issues.
[31.10.2013] Coordinated public security advisory released.
PoC
impresspages_sqlixss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.impresspages.org/blog/impresspages-cms-3-7-is-mobile-as-never-before/
[2] http://www.securityfocus.com/bid/63459
[3] http://packetstormsecurity.com/files/123871
[4] http://cxsecurity.com/issue/WLB-2013110002
[5] http://www.osvdb.org/show/osvdb/99220
[6] http://www.osvdb.org/show/osvdb/99221
[7] http://www.osvdb.org/show/osvdb/99223
[8] http://secunia.com/advisories/55303
[9] http://secunia.com/advisories/55505
[10] http://www.exploit-db.com/exploits/29318/
[11] http://xforce.iss.net/xforce/xfdb/88459
Changelog
[31.10.2013] - Initial release
[01.11.2013] - Added reference [3], [4], [5], [6] and [7]
[04.11.2013] - Added reference [8] and [9]
[15.11.2013] - Added reference [10] and [11]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk