Vendor: conpresso
By: -tmh-
CVSS: N/A
Type: Remote Blind SQL Injection
CWE: 89
Product Name: conpresso
Affected Version From: 3.4.8
Affected Version To: 3.4.8
Patch Exists: YES
Related CWE: N/A
CPE: a:conpresso:conpresso
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
conpresso 3.4.8 (detail.php) Remote Blind SQL Injection Exploit
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The 'nr' parameter of the 'detail.php' script is vulnerable, and the attacker can inject malicious SQL queries through it. This can be used to extract data from the database or to execute administrative operations on the database.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.