92 matches found
InstantCMS 1.10.3 - Blind SQL Injection
No description provided by source...
InstantCMS 1.6 - Remote PHP Code Execution
No description provided by source. require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' => %q{ This module exploits an...
SQL Injection in InstantCMS
Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21, 2013 Public Disclosure: December...
BF, LE and IAA vulnerabilities in InstantCMS
Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...
PT-2014-68: Multiple SQL Injection in InstantCMS
The specialists of the Positive Research center have detected multiple SQL Injection vulnerabilities in InstantCMS. SQL Injection in the cms.php script allows remote attackers to execute arbitrary SQL commands via a specially crafted request. How to fix Update your software up to the latest...
PT-2014-67: Open Redirect in InstantCMS
The specialists of the Positive Research center have detected an Open Redirect vulnerability in InstantCMS. Open redirect in the set.php script allows remote attackers to control user redirection. This vulnerability can be exploited to conduct a series of attacks against users of the web...
PT-2014-66: Cross-Site Scripting in InstantCMS
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in InstantCMS. Cross-site scripting in the frontend.php file allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fi...
PT-2014-65: Multiple Cross-Site Scripting in InstantCMS
The specialists of the Positive Research center have detected multiple Cross-Site Scripting vulnerabilities in InstantCMS. Cross-site scripting in the spellchecker.php file allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's...
InstantCMS 1.10.3 - Blind SQL Injection
Exploit for windows platform in category web applications Advisory Details: High-Tech Bridge Security Research Lab discovered blind SQL injection vulnerability in InstantCMS, which can be exploited to perform SQL Injection attacks, alter SQL requests and compromise vulnerable application. 1 SQL...
InstantCMS 1.10.3 - Blind SQL Injection
InstantCMS 1.10.3 - Blind SQL Injection Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: Novemb...
InstantCMS 1.10.3 - Blind SQL Injection
Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21, 2013 Public Disclosure: December...
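InstantCMS SQL Injection Vulnerability
CVECAN ID: CVE-2013-6839 InstantCMS is a content management system. InstantCMS has an SQL injection vulnerability: because the "orderby" HTTP POST parameter passed to "/catalog/id" is insufficiently filtered, remote attackers can exploit the vulnerability to submit specially crafted SQL queries and manipulate or retrieve database data. 0 InstantCMS=1.10.3 Vendor patch: InstantCMS ----- The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's homepage:...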
CVE-2013-6839
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/id...
Sql injection
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/id...
CVE-2013-6839
InstantCMS (InstantSoft) 1.10.3 and earlier is affected by a blind SQL injection via the orderby parameter to /catalog/[id]. An unauthenticated remote attacker can submit crafted SQL through the HTTP POST parameter to manipulate the database. High-Tech Bridge disclosed the issue (CVE-2013-6839) w...
CVE-2013-6839
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/id...
InstantCMS 1.10.3 SQL Injection
Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21, 2013 Public Disclosure: December...
InstantCMS 1.10.3 SQL Injection Vulnerability
InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability. Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21...
BF, LE and IAA vulnerabilities in InstantCMS
Hello 3APA3A! In addition to multiple vulnerabilities in InstantCMS, which I've disclosed earlier, here are new ones. These are Brute Force, Login Enumeration and Insufficient Anti-automation vulnerabilities in InstantCMS. ------------------------- Affected products: -------------------------...
SQL Injection in InstantCMS
High-Tech Bridge Security Research Lab discovered blind SQL injection vulnerability in InstantCMS, which can be exploited to perform SQL Injection attacks, alter SQL requests and compromise vulnerable application. 1 SQL Injection in InstantCMS: CVE-2013-6839 The vulnerability exists due to...