webEdition CMS – ‘we_fs.php’ SQL Injection

Exploit Database
15 阅读

作者： RedTeam Pentesting GmbH

日期： 2014-05-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39206/

source: https://www.securityfocus.com/bid/67689/info

webEdition CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

webEdition CMS 6.3.3.0 through 6.3.8.0 svn6985 are vulnerable; other versions may also be affected. 

 http://www.example.com/webEdition/we_fs.php?what=4[SQL]

last Exploits
webEdition CMS – ‘we_fs.php’ SQL Injection的更多信息

akcms 4.2.4 – Information Disclosure：
vBulletin 4.0.x < 4.1.2 - 'search.php?cat' SQL Injection：
Thomson Wireless VoIP Cable Modem – Authentication Bypass：
GLink Word Link Script 1.2.3 – SQL Injection：
PHP Product Catalog – Cross-Site Request Forgery (Change Administrator Password)：
MetInfo 2.0 – PHP Code Injection：
EzInvoice 6.02 – SQL Injection：
Gurock Testrail 7.2.0.3014 – ‘files.md5’ Improper Access Control：