High-Tech Bridge (htbridge) HTB22709
Nov 16, 2010 - 12:00 a.m.

SQL Injection Vulnerability in Enano CMS

2010-11-16 00:00:00
High-Tech Bridge
www.htbridge.com

EPSS: 0.01 Low (percentile 83.9%)

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Enano CMS which could be exploited to execute arbitrary SQL commands in the application's database.

  1. SQL injection vulnerability in Enano CMS: CVE-2010-4780
    An input validation error exists in the way the application handles users' email addresses. A remote attacker can create an account with a specially crafted email address and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation example:
    Step 1.
    Register a new user with email: "[email protected]'SQL_CODE"
    Step 2.
    Log in with the new login and password.
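
The defensive counterpart to the two steps above, as an added example that is not Enano CMS code or part of the advisory. It assumes the address stored at registration is reused in a query at login (the advisory does not say where the injection occurs) and uses a hypothetical schema, hypothetical function names and a constructed sample address, with SQLite standing in for the CMS database.

```python
import re
import sqlite3

# Allow-list for addresses: quotes, whitespace and SQL punctuation never match.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample mirroring the advisory's placeholder address.
CRAFTED = "user@example.com'SQL_CODE"


def open_db():
    """In-memory stand-in for a CMS database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.execute("CREATE TABLE sessions (username TEXT, email TEXT)")
    return db


def register(db, username, email, validate=True):
    """Store a new account; validate=False models the missing input check."""
    if validate and not EMAIL_RE.fullmatch(email):
        return False
    db.execute("INSERT INTO users VALUES (?, ?)", (username, email))
    return True


def stored_email(db, username):
    """Fetch the address saved at registration, using a bound parameter."""
    row = db.execute("SELECT email FROM users WHERE username = ?", (username,)).fetchone()
    return row[0]


def login_concatenated(db, username):
    """Weak pattern: the stored address is pasted into the SQL text."""
    email = stored_email(db, username)
    try:
        db.execute(f"INSERT INTO sessions VALUES ('{username}', '{email}')")
        return "ok"
    except sqlite3.OperationalError:
        # The quote in the stored value ended the string literal early.
        return "statement altered by stored data"


def login_parameterized(db, username):
    """Fixed pattern: the stored address is bound as data, never parsed as SQL."""
    email = stored_email(db, username)
    db.execute("INSERT INTO sessions VALUES (?, ?)", (username, email))
    return db.execute("SELECT email FROM sessions WHERE username = ?", (username,)).fetchone()[0]
```

Validation at registration and bound parameters at every later use are independent controls: the second still holds for rows stored before the first was added.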
