Marinet cms SQL Injection Vulnerability

vendor:

Marinet cms

by:

Ashiyane Digital Security Team

9,3

CVSS

HIGH

SQL Injection

CWE

Product Name: Marinet cms

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: YES

Related CWE: CVE-2010-2090

CPE: a:marinet:marinet_cms

Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0602/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2010

Marinet cms SQL Injection Vulnerability

Marinet cms is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Upgrade to the latest version of Marinet cms.

Source

Exploit-DB raw data:

=========================================================
Marinet cms SQL Injection Vulnerability
=========================================================
##########################################
# Name: Marinet cms SQL Injection Vulnerability
# Date: 2010-05-11
# vendor: http://www.marinet.gr/
# Author: Ashiyane Digital Security Team
# Thanks to: khodam :P, Satanic2000,Veron, ... And All Ashiyane Members ...
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork:  intext: "Powered by Marinet"

[+] Vulnerability: www.site.com/[path]/page.php?id=[SQLi]  

[+] Live Demo: http://[site]/page.php?id=[SQLi]


##########################################