vendor:
ZaoCMS
by:
Qabandi
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ZaoCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
ZaoCMS – SQL Injection Vulnerability
An SQL injection vulnerability exists in ZaoCMS. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to construct SQL queries that are executed against the database.