header-logo
Suggest Exploit
vendor:
Webit CMS
by:
CoBRa_21
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Webit CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Webit Cms SQL Injection Vulnerability

A SQL injection vulnerability exists in Webit CMS, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'sid' parameter of the 'main.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. This can allow the attacker to gain access to sensitive information stored in the database, modify or delete data, or even execute arbitrary system commands on the server.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in SQL queries. Additionally, the application should use parameterized queries to prevent SQL injection.
Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------

Webit Cms SQL Injection Vulnerability
 
-------------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Script Home: http://www.webitcms.gr

Dork: powered by webit! cms

-------------------------------------------------------------------------------------------
 
Sql Injection:
 
http://localhost/[path]/templates/main/main.php?sid=426+and+1=1

http://localhost/[path]/templates/main/main.php?sid=426+and+1=2

-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR