High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Enano CMS which could be exploited to execute arbitrary SQL commands in the application's database.
1) SQL injection vulnerability in Enano CMS: CVE-2010-4780
An input validation error exists in the way the application handles the user's email address. A remote attacker can create an account with a specially crafted email address and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
Register new user with email: "email@example.com'SQL_CODE"
Log in with new login and password.
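
The following is an added example, not code from Enano CMS or from the advisory. It shows the two defences against this class of bug: validating the email at registration and binding the stored value as a parameter whenever it is reused. It assumes the stored address is later concatenated into another query (the advisory does not say which query is affected); the schema, function names and sample address are hypothetical and constructed for illustration.

```python
import re
import sqlite3

# Hypothetical schema and names; Enano CMS's real tables and code are not shown in the advisory.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CRAFTED_EMAIL = "email@example.com' OR '1'='1"  # constructed sample input


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'admin@example.com')")
    return db


def register(db, username, email, validate=True):
    """Store a new account; validate=False models the missing input check."""
    if validate and not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    db.execute("INSERT INTO users (username, email) VALUES (?, ?)", (username, email))


def stored_email(db, username):
    row = db.execute("SELECT email FROM users WHERE username = ?", (username,)).fetchone()
    return row[0]


def accounts_with_same_email_unsafe(db, username):
    """Weak form: the stored value is pasted into the SQL text, so a quote ends the literal."""
    sql = ("SELECT username FROM users WHERE email = '"
           + stored_email(db, username) + "' ORDER BY username")
    return [r[0] for r in db.execute(sql)]


def accounts_with_same_email_safe(db, username):
    """Hardened form: the stored value is bound as a parameter and stays data."""
    sql = "SELECT username FROM users WHERE email = ? ORDER BY username"
    return [r[0] for r in db.execute(sql, (stored_email(db, username),))]


if __name__ == "__main__":
    db = make_db()
    register(db, "newuser", CRAFTED_EMAIL, validate=False)
    print("unsafe:", accounts_with_same_email_unsafe(db, "newuser"))
    print("safe:  ", accounts_with_same_email_safe(db, "newuser"))
    try:
        register(db, "another", CRAFTED_EMAIL)
    except ValueError as exc:
        print("rejected at registration:", exc)
```

Validation alone is not sufficient, because a value already stored by an older version remains in the database; the parameterized query is what keeps it inert.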