Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJing WangPACKETSTORM:130075
HistoryJan 23, 2015 - 12:00 a.m.

SmartCMS 2 SQL Injection

2015-01-2300:00:00
Jing Wang
packetstormsecurity.com
37

EPSS

0.002

Percentile

54.8%

JSON
`*CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities*  
  
Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security  
Vulnerabilities  
Product: SmartCMS v.2  
Vendor: Smartwebsites  
Vulnerable Versions: v.2  
Tested Version: v.2  
Advisory Publication: Jan 22, 2015  
Latest Update: Jan 22, 2015  
Vulnerability Type: Improper Neutralization of Special Elements used in an  
SQL Command (‘SQL Injection’) (CWE-89)  
CVE Reference: CVE-2014-9558  
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]  
  
  
  
  
*Advisory Details:*  
  
  
*(1) Vendor & Product Description*  
  
*Vendor:* Smartwebsites  
  
*Product & Version:* SmartCMS v.2  
  
*Vendor URL & Download:*  
http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en  
  
*Product Description:*  
“SmartCMS is one of the most user friendly and smart content management  
systems there is in the Cyprus market. It makes the content management of a  
webpage very easy and simple, regardless of the user’s technical skills.”  
  
  
  
  
*(2) Vulnerability Details:*  
  
SmartCMS v.2 has a security vulnerability. It can be exploited by SQL  
Injection attacks.  
  
*(2.1) *The first vulnerability occurs at “index.php?” page with “pageid”,  
“lang” multiple parameters.  
  
*(2.2)* The second vulnerability occurs at “sitemap.php?” page with  
“pageid”, “lang” multiple parameters.  
  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/cves/cve-2014-9558-smartcms-sql-injection-security-vulnerability/  
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9558  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9558  
https://security-tracker.debian.org/tracker/CVE-2014-9558  
http://www.cvedetails.com/cve/CVE-2014-9558/  
http://www.security-database.com/detail.php?alert=CVE-2014-9558  
http://packetstormsecurity.com/files/cve/CVE-2014-9558  
http://www.pentest.it/cve-2014-9558.html  
http://www.naked-security.com/cve/CVE-2014-9558/  
http://007software.net/cve-2014-9558/  
  
  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
  
  
`

Related

cvelist 1
cve 1
prion 1
exploitdb 1
nvd 1
cvelist
cvelist
CVE-2014-9558
2017-08-28 15:00:00
cve
cve
CVE-2014-9558
2017-08-28 15:29:00
prion
prion
Sql injection
2017-08-28 15:29:00
exploitdb
exploitdb
SmartCMS 2 - SQL Injection
2010-05-04 00:00:00
nvd
nvd
CVE-2014-9558
2017-08-28 15:29:00

EPSS

0.002

Percentile

54.8%

JSON
Related for PACKETSTORM:130075
cvelist1cve1prion1exploitdb1nvd1