ID 1337DAY-ID-10853
Type zdt
Reporter Ariko-Security
Modified 2010-02-11T00:00:00
Description
Exploit for unknown platform in category web applications
===================================
apemCMS SQL Injection Vulnerability
===================================
============ { Ariko-Security - Advisory #1/2/2010 } =============
SQL injection vulnerability in apemCMS
Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta
Dork:
#Powered by apemCMS
Application Info:
# Name: apemCMS
# Versions: ALL
Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High
Fix:
# 11.FEB Fixed
It was found that apemCMS does not validate properly the "id" parameter
value.
Solution:
# Input validation of "id" parameter should be corrected.
Vulnerability:
# http://server/?mod=view_default&id=68[SQLi]
# 0day.today [2018-01-02] #
{"hash": "ac35f1a4ce1b651d3ac4df1ff60ad35ad76650684ba0d3b6e36d9b84b2100c09", "id": "1337DAY-ID-10853", "lastseen": "2018-01-02T07:07:44", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "619e4c8983aa34585029f977cc48a6e0", "key": "href"}, {"hash": "a8fe98f2441773751036373f8b790083", "key": "modified"}, {"hash": "a8fe98f2441773751036373f8b790083", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "88826cff4ee5b601c2c5e813afc87265", "key": "reporter"}, {"hash": "d5da845780ec742ebe8f0901d7cb3fc9", "key": "sourceData"}, {"hash": "c088afb3a45b1b0c377214690d125f21", "key": "sourceHref"}, {"hash": "170fa7e543bfaff23a53bd54589255e3", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/10853", "description": "Exploit for unknown platform in category web applications", "title": "apemCMS SQL Injection Vulnerability", "history": [{"bulletin": {"hash": "1cc0d74965f113a5eb2a6d2f0ffd838d0da4cfe22289c0625ac02d8db0510e9c", "id": "1337DAY-ID-10853", "lastseen": "2016-04-20T00:12:18", "enchantments": {"score": {"value": 6.5, "modified": "2016-04-20T00:12:18"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "88826cff4ee5b601c2c5e813afc87265", "key": "reporter"}, {"hash": "a8fe98f2441773751036373f8b790083", "key": "published"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "170fa7e543bfaff23a53bd54589255e3", "key": "title"}, {"hash": "29a8219afd9025346036c36f59dafee3", "key": "sourceHref"}, {"hash": "a8fe98f2441773751036373f8b790083", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "9c7272db45d76964dd02e81b514fb036", "key": "href"}, {"hash": "8ea6104092689595e607d80f62425b75", "key": "sourceData"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/10853", "description": "Exploit for unknown platform in category web applications", "viewCount": 0, "title": "apemCMS SQL Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "===================================\r\napemCMS SQL Injection Vulnerability\r\n===================================\r\n\r\n============ { Ariko-Security - Advisory #1/2/2010 } =============\r\n \r\n SQL injection vulnerability in apemCMS\r\n \r\nVendor's Description of Software:\r\n# http://apem.com.pl/?sc=oferta\r\n \r\nDork:\r\n#Powered by apemCMS\r\n \r\nApplication Info:\r\n# Name: apemCMS\r\n# Versions: ALL\r\n \r\nVulnerability Info:\r\n# Type: SQL injection Vulnerability\r\n# Risk: High\r\n \r\nFix:\r\n# 11.FEB Fixed\r\n \r\nIt was found that apemCMS does not validate properly the \"id\" parameter\r\n value.\r\n \r\nSolution:\r\n# Input validation of \"id\" parameter should be corrected.\r\n \r\n \r\nVulnerability:\r\n# http://server/?mod=view_default&id=68[SQLi]\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "published": "2010-02-11T00:00:00", "references": [], "reporter": "Ariko-Security", "modified": "2010-02-11T00:00:00", "href": "http://0day.today/exploit/description/10853"}, "lastseen": "2016-04-20T00:12:18", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "===================================\r\napemCMS SQL Injection Vulnerability\r\n===================================\r\n\r\n============ { Ariko-Security - Advisory #1/2/2010 } =============\r\n \r\n SQL injection vulnerability in apemCMS\r\n \r\nVendor's Description of Software:\r\n# http://apem.com.pl/?sc=oferta\r\n \r\nDork:\r\n#Powered by apemCMS\r\n \r\nApplication Info:\r\n# Name: apemCMS\r\n# Versions: ALL\r\n \r\nVulnerability Info:\r\n# Type: SQL injection Vulnerability\r\n# Risk: High\r\n \r\nFix:\r\n# 11.FEB Fixed\r\n \r\nIt was found that apemCMS does not validate properly the \"id\" parameter\r\n value.\r\n \r\nSolution:\r\n# Input validation of \"id\" parameter should be corrected.\r\n \r\n \r\nVulnerability:\r\n# http://server/?mod=view_default&id=68[SQLi]\r\n\r\n\r\n\n# 0day.today [2018-01-02] #", "published": "2010-02-11T00:00:00", "references": [], "reporter": "Ariko-Security", "modified": "2010-02-11T00:00:00", "href": "https://0day.today/exploit/description/10853"}
{}
