header-logo
Suggest Exploit
vendor:
Contrexx CMS
by:
hamidreza borghei
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Contrexx CMS
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:contrexx:contrexx_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2016

Contrexx CMS:egov moudle SQL injection

SQL injection in id parameter: http://server/index.php?section=egov&cmd=details&id=[sql query]

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Contrexx CMS:egov moudle SQL injection
# Google Dork: inurl:?section=egov
# Date: 12/9/2016
# Exploit Author: hamidreza borghei
# Software Link: https://www.cloudrexx.com/de/index.php?section=downloads&cmd=7&category=8
# Version: 1.0.0
# Tested on: linux

sql injection in id parameter:

http://server/index.php?section=egov&cmd=details&id=[sql query]

Navigation

Suggest Exploit

Services By CQR