vendor:
phpcms V9
by:
eidelweiss
8.8
CVSS
HIGH
BLind SQL Injection
89
CWE
Product Name: phpcms V9
Affected Version From: V9
Affected Version To: V9
Patch Exists: NO
Related CWE: N/A
CPE: a:phpcms:phpcms_v9
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
phpcms V9 BLind SQL Injection Vulnerability
phpcms V9 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'catid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'catid' parameter. This will allow the attacker to execute arbitrary SQL commands on the underlying database. The vulnerability can be exploited by sending a specially crafted HTTP request with a malicious 'catid' parameter.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.