Vendor: DS CMS
By: Palyo34
CVSS: 9 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: DS CMS
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:dsinternal:ds_cms:1.0
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability
DS CMS 1.0 is vulnerable to remote SQL injection through the ‘NewsId’ parameter of the ‘pfNewsDetail.php’ script. An attacker can exploit it by sending maliciously crafted SQL in that parameter. This can allow the attacker to gain access to the database and potentially to sensitive information.
Mitigation:
To mitigate this vulnerability, the application should use parameterized queries and input validation to ensure that user-supplied data is properly sanitized.
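The mitigation above, sketched as an added example (not DS CMS code): an integer check on the NewsId value followed by a bound parameter. The `news` table, its columns, the `fetchNews` helper and the sample inputs are assumptions made for illustration, and an in-memory SQLite database via PDO stands in for the real backend so the script runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Hypothetical schema and rows, constructed for this example; the advisory
// does not give the real DS CMS table or column names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO news (id, title, body) VALUES (1, 'Launch', 'First post'), (2, 'Update', 'Second post')");

/**
 * Validate NewsId as an integer >= 1, then bind it as a typed parameter.
 * Returns the row, or null when the input is invalid or no row matches.
 */
function fetchNews(PDO $pdo, mixed $rawNewsId): ?array
{
    // Input validation: only a well-formed integer >= 1 is accepted.
    // Arrays (NewsId[]=1) and strings with trailing text both yield false.
    $newsId = filter_var($rawNewsId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($newsId === false) {
        return null; // reject instead of passing the value to the database
    }

    // Parameterized query: the value is sent separately from the SQL text,
    // so it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $newsId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['NewsId'].
$samples = ['1', '2', '999', '1 OR 1=1', "1'", '', ['1']];
foreach ($samples as $raw) {
    $row = fetchNews($pdo, $raw);
    printf("%-12s => %s\n", json_encode($raw), $row === null ? 'rejected or not found' : $row['title']);
}
```

Only `'1'` and `'2'` return a title; `'999'` passes validation but matches no row, and every non-integer input is rejected before any SQL is executed.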