apemCMS SQL Injection Vulnerability

2010-02-11T00:00:00
ID 1337DAY-ID-10853
Type zdt
Reporter Ariko-Security
Modified 2010-02-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================
apemCMS SQL Injection Vulnerability
===================================

============ { Ariko-Security - Advisory #1/2/2010 } =============
 
       SQL injection vulnerability in apemCMS
 
Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta
 
Dork:
#Powered by apemCMS
 
Application Info:
# Name: apemCMS
# Versions: ALL
 
Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High
 
Fix:
# 11.FEB Fixed
 
It was found that apemCMS does not validate properly the "id" parameter
 value.
 
Solution:
# Input validation of "id" parameter should be corrected.
 
 
Vulnerability:
# http://server/?mod=view_default&id=68[SQLi]



#  0day.today [2018-01-02]  #