Lucene search
RootSSV:4883HistoryMar 11, 2009 - 12:00 a.m.
TinX CMS rss.php模块SQL注入漏洞
2009-03-1100:00:00
Root
www.seebug.org
9
0.001 Low
EPSS
Percentile
47.9%
BUGTRAQ ID: 34021
CVE(CAN) ID: CVE-2009-0825
TinX/cms是使用PHP/MySQL编写的开源内容管理系统。
TinX的CMS rss.php模块中没有正确地验证传送给id参数的用户输入,远程攻击者可以通过提交恶意请求执行SQL注入攻击。
TinX/cms 3.x
厂商补丁:
TinX/cms
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540” target=“_blank”>http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540</a>
http://[server]/system/rss.php?id=1'SQL-code
Related
ptsecurity
ptsecurity
PT-2009-13: TinX CMS SQL Injection Vulnerability
2009-06-03 00:00:00
packetstorm
packetstorm
TinX CMS SQL Injection
2009-03-06 00:00:00
cve
cve
CVE-2009-0825
2009-03-09 21:30:00
prion
prion
Sql injection
2009-03-09 21:30:00
securityvulns
securityvulns
[Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability
2009-03-09 00:00:00
openvas
openvas
TinX CMS < 3.5.1 SQLi Vulnerability - Active Check
2009-03-10 00:00:00
TinX CMS 'rss.php' SQL Injection Vulnerability
2009-03-10 00:00:00
cvelist
cvelist
CVE-2009-0825
2009-03-09 21:00:00