apemCMS – SQL Injection

Exploit Database
31 阅读

作者： Ariko-Security

日期： 2010-02-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11411/

============ { Ariko-Security - Advisory #1/2/2010 } =============

 SQL injection vulnerability in apemCMS 

Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta

Dork:
#Powered by apemCMS

Application Info:
# Name: apemCMS
# Versions: ALL

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High

Fix: 
# 11.FEB Fixed

It was found that apemCMS does not validate properly the "id" parameter
 value.

Solution:
# Input validation of "id" parameter should be corrected.


Vulnerability:
# http://server/?mod=view_default&id=68[SQLi]

Credit:
# Discoverd By: MG
# Website: http://Ariko-security.com
# Contacts: support[-at-]ariko-security.com

Ariko-Security
vuln@ariko-security.com
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)

last Exploits
apemCMS – SQL Injection的更多信息

Thinfinity VirtualUI 2.5.41.0 – IFRAME Injection：
Linksys RE6500 1.0.11.001 – Unauthenticated RCE：
RemoteClinic 2 – ‘Multiple’ Cross-Site Scripting (XSS)：
Lyrics Script – SQL Injection / Cross-Site Scripting：
Symantec Data Center Security – Multiple Vulnerabilities：
Codiad 2.8.4 – Remote Code Execution (Authenticated) (3)：
webConductor – ‘default.asp’ SQL Injection：
Cisco EPC3925 – Cross-Site Request Forgery：