The document describes an XPath injection vulnerability in Ametys CMS 3.5.2, where the 'lang' POST parameter in the newsletter plugin is not properly sanitized, allowing arbitrary XPath code injection. The provided HTTP request demonstrates the exploit, triggering an internal server error with a detailed XPath parsing exception.
Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Ametys CMS 3.5.2 and 3.5.1
No auth needed
Prerequisites: Access to the newsletter plugin endpoint