724CMS Enterprise Version 4.59 SQL Injection Vulnerability

vendor:

724CMS Enterprise

by:

cyberlog

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: 724CMS Enterprise

Affected Version From: 4.59

Affected Version To: 4.59

Patch Exists: N/A

Related CWE: N/A

CPE: 724cms:enterprise:4.59

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

Discovered in 2020

724CMS Enterprise Version 4.59 SQL Injection Vulnerability

A SQL injection vulnerability exists in 724CMS Enterprise Version 4.59. An attacker can send a maliciously crafted HTTP request to the vulnerable server, which can allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# 724CMS Enterprise Version 4.59 SQL Injection Vulnerability
# Homepage : http://724cms.com/
# Discovered: by cyberlog
# Dork : 724CMS Powered, 724CMS Version 4.59. Enterprise
# Thanks : r00t3r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz, jayoes, thesims, setiawan,irvian,
           EA_Angel,BlueSpy, SoEy, A-technique, SarifJedul, wiro gendeng, ridho_bugs
# My Site : http://sekuritionline.net
# Channel : #sekuritionline


# Exploit :
# http://[target]/index.php?Lang=En&ID=[SQL Injection]


#special to Mama Sri Rahayu, C0li a.k.a antisecurity [ pinjem script perl-na ] :)
==============================================
We never die !!!! indonesian Underground Community
anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!