6 matches found
CVE-2021-28142
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."...
CITSmart ITSM 9.1.2.27 SQL Injection
Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection Authenticated Google Dork: "citsmart.local" Date: 11/03/2021 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.2...
CITSmart ITSM 9.1.2.27 - (query) Time-based Blind SQL Injection (Authenticated) Vulnerability
Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection Authenticated Google Dork: "citsmart.local" Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.28 Vendor has...
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection Authenticated Google Dork: "citsmart.local" Date: 11/03/2021 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.2...
CVE-2021-28142
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."...
CVE-2021-28142
CVE-2021-28142 affects CITSmart ITSM prior to 9.1.2.28, where the application mishandles the autocomplete filter and allows a SQL injection via the query parameter in the autoCompletePortal path. Multiple connected documents confirm this is a SQL Injection vulnerability (tested as Time-based Blin...