vendor: SOPHIA CMS
by: p0pc0rn
CVSS: 5.5 (MEDIUM)
SQL Injection
CWE: 89
Product Name: SOPHIA CMS
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: CVE-2011-1490
CPE: a:alcassoft:sophia_cms
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2011
Alcassoft’s SOPHIA CMS Vulnerable to SQL Injection
Alcassoft's SOPHIA CMS is vulnerable to SQL injection. The 'pageid' parameter of the 'dsp_page.cfm' script is vulnerable: an attacker can inject arbitrary SQL code through it and manipulate the SQL queries the application runs. Successful exploitation of this vulnerability can result in the compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Mitigation:
Upgrade to the latest version of Alcassoft's SOPHIA CMS.