Description
No description provided by source.
{"href": "https://www.seebug.org/vuldb/ssvid-15159", "status": "poc", "bulletinFamily": "exploit", "modified": "2009-12-29T00:00:00", "title": "Sheedravi CMS SQL Injection Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-15159", "cvelist": [], "description": "No description provided by source.", "viewCount": 4, "published": "2009-12-29T00:00:00", "sourceData": "\n ================= IUT-CERT =================\r\n\r\nTitle: Sheedravi CMS SQL Injection Vulnerability\r\n\r\nVendor: www.sheedravi.com\r\n\r\nDork: Design by Sheed Graphic Co\r\nType: Input.Validation.Vulnerability (SQL Injection)\r\n\r\nFix: N/A\r\n\r\n================== nsec.ir =================\r\n\r\nDescription:\r\n\r\n------------------\r\n\r\nSheedravi is a CMS producer in Iran. /template1/advancedsearch.aspx page in Sheedravi CMS\r\n\r\nproduct are vulnerable to SQL Injection vulnerability.\r\n\r\nVulnerability Variant:\r\n\r\n------------------\r\nInjection "/template1/advancedsearch.aspx.aspx" in "txtAdvancedkeyword" POST parameter\r\nvalue:' or 1=1;--\r\n '\r\n <script>\r\nand,...\r\n\r\n\r\nSolution:\r\n\r\n------------------\r\n\r\nInput validation of "txtAdvancedkeyword" POST parameter should be corrected.\r\n\r\nCredit:\r\n\r\n------------------\r\n\r\nIsfahan University of Technology - Computer Emergency Response Team\r\n\r\nThanks to : M. Fereidounian, M. R. Faghani, N. Fathi,E. Jafari\r\n\n ", "id": "SSV:15159", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T18:18:13", "reporter": "Root", "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645304315, "score": 1659785532, "epss": 1678851499}}
{}
Sheedravi CMS SQL Injection Vulnerability