Multiple vulnerabilities in BabyGekko
Vendor: schlix web inc
Vulnerable Versions: 1.2.2e and probably prior
Advisory Publication: October 24, 2012 [without technical details]
Vendor Notification: October 24, 2012
Vendor Fix: November 4, 2012
Public Disclosure: November 14, 2012
Latest Update: November 13, 2012
Vulnerability Type: SQL Injection [CWE-89], PHP File Inclusion [CWE-98], Cross-Site Scripting [CWE-79]
CVSSv2 Base Scores: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BabyGekko, which can be exploited to include local PHP files and to perform SQL injection and cross-site scripting (XSS) attacks.
Solution: Upgrade to BabyGekko 1.2.2f or 1.2.4
References:
High-Tech Bridge Advisory HTB23122 - https://www.htbridge.com/advisory/HTB23122 - Multiple vulnerabilities in BabyGekko.
BabyGekko - http://www.babygekko.com - BabyGekko strives to deliver high quality websites and other web content fast and easy for all end users. It is a lightweight, extensible content management system platform for publishing websites, intranets, or blogs.
Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.