6 matches found
CVE-2007-6586
CVE-2007-6586 is a SQL injection in nicLOR-CMS (sezione_news.php) that allows remote attackers to inject arbitrary SQL via the id parameter in a sezione page action to index.php. Affected: nicLOR-CMS, sezione_news.php; impact per sources is partial confidentiality/integrity/availability. Exploit ...
nicLOR CMS sezione_news.php SQL注入漏洞
BUGTRAQ ID: 26983 CNCAN ID:CNCAN-2007122410 nicLOR CMS是一款基于PHP的WEB应用程序。 nicLOR CMS不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'sezionenews.php'脚本对用户提交的'id'参数处理缺少充分过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 nicLOR nicLOR 16-04-06 目前没有解决方案提供: http://www.niclor.net/...
nicLOR CMS (sezione_news.php) Remote SQL Injection Vulnerability
No description provided by source. Name : nicLOR-CMS SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Download : http://www.niclor.net/prodotti/16-04-06-niclorcms.zip Date : 21/12/2007 SQL Injection in sezionenews.php ?php ... $intSezioneID = $GET'id'; ... $strSQL =...
nicLOR CMS (sezione_news.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================ nicLOR CMS sezionenews.php Remote SQL Injection Vulnerability ================================================================ Name : nicLOR-CMS SQL Injection Vulnerability...
nicLOR CMS - sezione_news.php SQL Injection
nicLOR CMS - sezionenews.php SQL Injection Name : nicLOR-CMS SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Download : http://www.niclor.net/prodotti/16-04-06-niclorcms.zip Date : 21/12/2007 SQL Injection in sezionenews.php So we can exploit the $intSezioneID and...
nicLOR CMS - 'sezione_news.php' SQL Injection
Name : nicLOR-CMS SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Download : http://www.niclor.net/prodotti/16-04-06-niclorcms.zip Date : 21/12/2007 SQL Injection in sezionenews.php So we can exploit the $intSezioneID and execute an sql injection. PoC:...