JonhCMS 4.5.1 - (go.php?id) - SQL Injection

vendor:

JohnCMS

by:

Besim

CVSS

HIGH

SQL Injection

CWE

Product Name: JohnCMS

Affected Version From: 4.5.1

Affected Version To: 4.5.1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: PHP

2016

JonhCMS 4.5.1 – (go.php?id) – SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'go.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being passed to the SQL server.

Source

Exploit-DB raw data:

# Exploit Title :----------------- : JonhCMS 4.5.1 - (go.php?id) - SQL Injection
# Author :------------------------ : Besim
# Google Dork :---------------- :  -
# Date :-------------------------- : 14/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- :  PHP  
# Vendor Homepage :------- : -
# Software link : -------------- : http://wmscripti.com/php-scriptler/johncms-icerik-yonetim-scripti.html

############ SQL INJECTION Vulnerabilty ##############


-*-*- :  Vulnerable code----------: $req = mysql_query("SELECT * FROM `cms_ads` WHERE `id` = '$id'");
-*-*- :  Vulnerable parameter--: $id
-*-*- :  Vulnerable file------------: http://site_name/path/go.php?id=[SQL injection code]