vendor:
Xaran Cms
by:
ajann
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Xaran Cms
Affected Version From: Xaran Cms version <= 2.0
Affected Version To: Xaran Cms version <= 2.0
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Platforms Tested:
Not specified
Xaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit
This exploit allows an attacker to perform a remote SQL injection attack on Xaran Cms version 2.0. By exploiting this vulnerability, an attacker can retrieve the admin username and password from the database.
Mitigation:
Upgrade to a patched version of Xaran Cms or apply appropriate security measures to prevent SQL injection attacks.