header-logo
Suggest Exploit
vendor:
Zomorrod CMS
by:
Pouya Daneshmand
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Zomorrod CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:zomorrod:zomorrod_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

SQL Injection Vulnerability in Zomorrod CMS

A SQL injection vulnerability was discovered in Zomorrod CMS. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify or delete data, or even execute arbitrary system commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Zomorrod Cms
# Vendor: http://www.zomorrod.net
#################################################################
Vulnerability:
http://site.ir/topic.php?SITE_item=54'+and+convert(int,@@version)='54
#################################################################
# Discoverd By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran@yahoo.com<mailto:whh_iran@yahoo.com>
###################################################################

Navigation

Suggest Exploit

Services By CQR