header-logo
Suggest Exploit
vendor:
LucidCMS
by:
SecurityFocus
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: LucidCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

lucidCMS SQL Injection Vulnerability

LucidCMS is prone to an SQL injection vulnerability. An attacker can exploit this vulnerability by entering malicious data into the login and password fields of the login page. This could allow an attacker to gain administrative privileges and potentially compromise the underlying system.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14976/info

lucidCMS is prone to to an SQL injection vulnerability.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Ultimately an attacker could exploit this vulnerability to gain administrative privileges. This could facilitate a compromise of the underlying system; other attacks are also possible.

The following proof of concept demonstrates data to be entered into the login and password fields of the login page:

login: 'UNION(SELECT'1','admin','admin','FAKE@example.com','d41d8cd98f00b204e9800998ecf8427e','1')/*
pass: [nothing]