vendor:
724CMS Enterprise Version 4.59
by:
CoBRa_21
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: 724CMS Enterprise Version 4.59
Affected Version From: 4.59
Affected Version To: 4.59
Patch Exists: NO
Related CWE: N/A
CPE: 724cms.com
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
724CMS Enterprise Version 4.59 (section.php) SQL Injection Vulnerability
An attacker can exploit this vulnerability by sending a maliciously crafted SQL query to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The attacker can use the ‘union select’ statement to retrieve data from the database. The attacker can also use the ‘group_concat’ statement to retrieve multiple rows of data from the database.
Mitigation:
The application should use parameterized queries to prevent SQL injection attacks. The application should also use input validation to prevent malicious input from being processed by the application.
