vendor:
SpireCMS
by:
Dr.0rYX and Cr3w-DZ
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SpireCMS
Affected Version From: 2
Affected Version To: 2
Patch Exists: N/A
Related CWE: N/A
CPE: a:spiread:spirecms:2.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
SpireCMS v2.0 SQL Injection Vulnerability
SpireCMS v2.0 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request can be used to extract sensitive information from the database, such as usernames and passwords. The vulnerable parameter is the alb_id parameter in the photo_album.php file. An attacker can send a malicious request such as http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users or http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users to extract sensitive information from the database.
Mitigation:
Developers should ensure that user input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
