Soltech CMS 0.4 SQL Injection

2013-08-14T00:00:00
ID PACKETSTORM:122819
Type packetstorm
Reporter MustLive
Modified 2013-08-14T00:00:00

Description

                                        
                                            `Hello list!  
  
There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are Soltech.CMS v 0.4 and previous versions.  
  
-------------------------  
Affected vendors:  
-------------------------  
  
Soltech  
http://soltech.com.ua  
  
----------  
Details:  
----------  
  
SQL Injection (WASC-19):  
  
http://site/index.php?level_path=%27%20or%20version()=5%23  
  
------------  
Timeline:  
------------   
  
2013.06.05 - announced at my site.  
2013.06.07 - informed developers about the first part of vulnerabilities.  
2013.07.14 - informed developers about the second part of vulnerabilities.  
2013.08.13 - disclosed at my site (http://websecurity.com.ua/6550/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
  
`