3 matches found
MSVOD 10 - 'cid' SQL Injection
Exploit Title: MSVOD V10 ¡V SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/ Payload:...
MSVOD 10 - cid SQL Injection
MSVOD 10 - cid SQL Injection Exploit Title: MSVOD V10 ¡V SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/...
CVE-2018-14418
Summary: CVE-2018-14418 affects Msvod Cms v10 and is a SQL Injection vulnerability exploitable via the images/lists?cid= URI. The root cause is unsanitized input in the cid parameter, enabling arbitrary SQL commands. Public exploit content shows how payloads can retrieve database, user, and versi...