Tgs · Tgs Content Management · CVE-2009-2929
Name of the Vulnerable Software and Affected Versions:
TGS Content Management versions 0.x
Description:
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via multiple parameters in two scripts: `cms/index.php` and `cms/frontpage ception.php`. The parameters in `cms/index.php` include `tgs language id`, `tpl dir`, `referer`, `user-agent`, `site`, `option`, `db optimization`, `owner`, `admin email`, `default language`, and `db host`. The parameters in `cms/frontpage ception.php` include `cmd`, `s dir`, `minutes`, `s mask`, `test3 mp`, `test15 file1`, `submit`, `brute method`, `ftp server port`, `userfile14`, `subj`, `mysql l`, `action`, and `userfile1`. Note that some parameters may only be applicable in nonstandard versions of the product, and the script name `cms/frontpage ception.php` might be `cms/frontpage caption.php` in released versions.
Recommendations:
For TGS Content Management versions 0.x, consider disabling the SQL execution functionality in the `cms/index.php` and `cms/frontpage ception.php` scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the specified parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.