vendor:
CMS
by:
Daniel Godoy
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CMS
Affected Version From: All
Affected Version To: All
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2011
Comerciosonline CMS SQLi
Comerciosonline CMS is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the database server through the web application. This can be done by manipulating the input parameters of the application. For example, an attacker can send a malicious SQL query to the application by appending it to the URL parameter 'codf' in the 'pp_productos.php' page. Additionally, an attacker can also exploit the URL redirection vulnerability in the 'anuncioredir.php' page by manipulating the 'redir' parameter.
Mitigation:
Input validation should be performed on all input parameters to prevent malicious SQL queries from being executed. Additionally, the application should also perform proper validation on the 'redir' parameter in the 'anuncioredir.php' page to prevent malicious URL redirection.