vendor:
Quick.CMS Lite
by:
-=Player=-
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Quick.CMS Lite
Affected Version From: 0.5
Affected Version To: 0.5
Patch Exists: NO
Related CWE: N/A
CPE: a:opensolution:quick.cms_lite
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
SQL Injection in Quick.CMS Lite 0.5
A SQL injection vulnerability exists in Quick.CMS Lite 0.5 when the 'id' parameter is passed to the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in SQL queries.
