7 matches found
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...
Microweber 0.95 - SQL Injection Vulnerability
Exploit Title: Microweber 0.95 - SQL Injection Vulnerability Vendor: https://microweber.com/ Download link: https://microweber.com/download https://github.com/microweber/microweber CVE ID: CVE-2014-9464 Vulnerability: SQL Injection Affected version: Version 0.95 before 12/09/2014. Fixed version:...
Microweber CMS 0.95 - SQL Injection
Microweber CMS 0.95 - SQL Injection Exploit Title: SQL Injection in Microweber CMS 0.95 Google Dork: N/A Date: 12/16/2014 Exploit Author: Pham Kien Cuong [email protected] and ITAS Team www.itas.vn Vendor Homepage: Microweber https://microweber.com/ Software Link:...
Microweber CMS 0.95 - SQL Injection Vulnerability
Microweber CMS version 0.95 suffers from a remote SQL injection vulnerability. Exploit Title: SQL Injection in Microweber CMS 0.95 Google Dork: N/A Date: 12/16/2014 Exploit Author: Pham Kien Cuong email protected and ITAS Team www.itas.vn Vendor Homepage: Microweber https://microweber.com/ Softwa...
Microweber CMS 0.95 - SQL Injection
Exploit Title: SQL Injection in Microweber CMS 0.95 Google Dork: N/A Date: 12/16/2014 Exploit Author: Pham Kien Cuong [email protected] and ITAS Team www.itas.vn Vendor Homepage: Microweber https://microweber.com/ Software Link: https://github.com/microweber/microweber Version: 0.95 Tested on:...
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...
CVE-2014-9464
CVE-2014-9464 describes a SQL injection in Microweber CMS 0.95 (before 20141209) via the category parameter in Category.php, related to the $parent_id variable. The root cause is unsafe SQL construction in get_children, enabling remote attackers to execute arbitrary SQL commands. Public disclosur...