apemCMS – SQL Injection

Exploit Database
90 阅读

作者： Ariko-Security

日期： 2010-02-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11411/

============ { Ariko-Security - Advisory #1/2/2010 } =============

 SQL injection vulnerability in apemCMS 

Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta

Dork:
#Powered by apemCMS

Application Info:
# Name: apemCMS
# Versions: ALL

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High

Fix: 
# 11.FEB Fixed

It was found that apemCMS does not validate properly the "id" parameter
 value.

Solution:
# Input validation of "id" parameter should be corrected.


Vulnerability:
# http://server/?mod=view_default&id=68[SQLi]

Credit:
# Discoverd By: MG
# Website: http://Ariko-security.com
# Contacts: support[-at-]ariko-security.com

Ariko-Security
vuln@ariko-security.com
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)

last Exploits
apemCMS – SQL Injection的更多信息

JAF CMS 4.0 rc2 – Multiple Vulnerabilities：
Alt-N MDaemon 12.5.6/13.0.3 – Email Body HTML/JS Injection：
GeekLog 1.3.8 (filemgmt) – SQL Injection：
BlaherTech Placeto CMS – ‘Username’ SQL Injection：
Cype CMS – SQL Injection：
Ucenter Projekt 2.0 – Insecure crossdomain (Cross-Site Scripting)：
Open Constructor – ‘/users/users.php?keyword’ Cross-Site Scripting：
WordPress Plugin Modern Events Calendar V 6.1 – SQL Injection (Unauthenticated)：