High-Tech Bridge SA Security Research Lab has discovered vulnerability in SyntaxCMS which could be exploited to execute arbitrary SQL commands in application`s database.
1) SQL injection vulnerability in SyntaxCMS
An input validation error exists in the "rows_per_page" parameter in /content/general/browse/. A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary SQL commands in application`s database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data.