Vendor: Dimac CMS XS
By: Unknown
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Dimac CMS XS
Affected Version From: Dimac CMS XS 1.3
Affected Version To: Unknown (other versions may also be affected)
Patch Exists: NO
Related CWE: Unknown
CPE: a:dimac_cms:dimac_cms_xs:1.3
Metasploit:
Other Scripts:
Platforms Tested: Unknown (not mentioned in the source)

Dimac CMS XS SQL Injection Vulnerability

The Dimac CMS XS application is prone to an SQL-injection vulnerability due to improper sanitization of user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, use prepared statements or parameterized queries for every SQL statement that incorporates user-supplied input, so that the input is bound as data and can never alter the structure of the query. Input validation and sanitization should be applied in addition to, not instead of, parameterization.
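The following is an added example, not code from the page or from the Dimac CMS XS product, that shows the difference the mitigation makes for an authentication query. It assumes a minimal SQLite `users` table and Python's standard `sqlite3` module (the real application is classic ASP; the table schema and stored password are constructed for illustration). The vulnerable function concatenates the submitted password into the SQL text, so the value quoted in the advisory (`1'or'1'='1`) is parsed as part of the `WHERE` clause and the check passes without a valid password; the parameterized function binds the same value as a plain string, and the check fails as it should.

```python
import sqlite3

# Value quoted in the advisory as the example password.
ADVISORY_PAYLOAD = "1'or'1'='1"
# Constructed credential for the sample table (not a real Dimac default).
SAMPLE_USER = "admin"
SAMPLE_PASSWORD = "correct-horse"


def make_db():
    """Build an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (SAMPLE_USER, SAMPLE_PASSWORD))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Anti-pattern: user input is spliced into the SQL grammar.

    With password = 1'or'1'='1 the statement becomes
      ... WHERE username = 'admin' AND password = '1' or '1'='1'
    and the trailing OR makes the predicate true for every row.
    """
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Mitigation: placeholders keep the input as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(password):
    """Return the outcome of both login paths for the same submitted password."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, SAMPLE_USER, password),
        "parameterized": login_parameterized(conn, SAMPLE_USER, password),
    }


if __name__ == "__main__":
    print("advisory payload:", compare(ADVISORY_PAYLOAD))
    print("real password:   ", compare(SAMPLE_PASSWORD))
```

Running the block shows the vulnerable path returning `True` for the advisory payload while the parameterized path returns `False`; both return `True` for the real password, so the fix costs nothing in legitimate behaviour. Applying the same pattern to the username field (and to every other query that takes request input) closes the class of bug the advisory describes.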
Source (Exploit-DB raw data):

source: https://www.securityfocus.com/bid/47291/info

Dimac CMS XS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Dimac CMS XS 1.3 is vulnerable; other versions may also be affected.

The following example URI and data are available:

http://www.example.com/[path]/CMSadmin/default.asp

Username : admin
Password : 1'or'1'='1