I. BACKGROUND ------------------------- "CUBIC CMS" is a non-free content management system for websites and portals of any size, powerful, adaptable to any graphic design that allows users administration 100% professional but simple at the same time that website. II. VULNERABILITIES ------------------------- II.i FULL PATH DISCLOSURE ------------------------- CUBIC CMS presents a full path disclosure in the 'Controller Not Found' exception management, due to an incorrect 'Software Exception' management. Syntax: http://www.example.com/id/-22 http://www.example.com/foo.bar II.ii SQL Injection ------------------------- CUBIC CMS presents a SQL Injection in its 'resource_id' and 'version_id' parameters on his '/recursos/agent.php' (Resources Management Module) script via GET HTTP Method, due to an insufficient sanitization on user supplied data. Syntax: http://www.example.com/recursos/agent.php?resource_id=-11 OR 'foobar' UNION SELECT user()-- - http://www.example.com/recursos/agent.php?version_id=-22 OR '' UNION SELECT @@version-- - II.iii SQL Injection ------------------------- CUBIC CMS presents a SQL Injection in its 'login' and 'pass' parameters on his '/login.usuario' (Users Management Module) script via POST HTTP Method, due to an insufficient sanitization on user supplied data. Syntax: login=Administrator&pass=foobar') or ('1'='1 II.iv Local File Inclusion ------------------------- CUBIC CMS presents a SQL Injection in its 'path' parameter on his '/recursos/agent.php' (Resources Management Module) script via GET HTTP Method, due to an insufficient sanitization on user supplied data. Syntax: http://www.example.com/recursos/agent.php?path=/../../application/config/project.ini IV. REFERENCES ------------------------- http://www.proyectosbds.com http://www.cubicfactory.com/ V. DISCLOSURE TIMELINE ------------------------- - March 28, 2012: First Vendor Contact. - Dec 30, 2013: Second Vendor Contact (Still waiting for responses). VI. CREDITS ------------------------- This vulnerability has been discovered by Eugenio Delfa .