tsmim lessons library sql injection Vulnerabilities

vendor:

tsmim lessons library

by:

M.Jock3R

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: tsmim lessons library

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Sp2 FR

2020

tsmim lessons library sql injection Vulnerabilities

The vulnerability exists in the show.php file, where an attacker can inject malicious SQL queries via the 'cid' and 'page' parameters. An attacker can exploit this vulnerability to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection.

Source

Exploit-DB raw data:

===================================================================================
tsmim lessons library sql injection Vulnerabilities 
===================================================================================

# Exploit Title: tsmim lessons library sql injection Vulnerabilities
# Author: M.Jock3R
# Script Support Link: http://www.tsmim.com/vb/showthread.php?t=21783
# Download Script: http://up.tsmim.com/uploads/files/tsmim-e47615d4bd.zip
# Category:: webapps
# Tested on: windows XP Sp2 FR

===================================================================================

-----------------------------------------------------------------------------------

Vunl file : show.php

Exploit:

http://localhost/droos/show.php?cid=2&page=[Inj3ct]

===================================================================================

Greets To : 
adelsbm / attiadona  / Wjunction forum
---------------------------------
I Love you Mindy
---------------------------------
Email : madrido.jocker@gmail.com

THANKS TO ALL ALGERIANS HACK3RS 
===================================================================================