vendor:
MVC-Web CMS
by:
Bl@ckbe@rD ('Tunisian TerrorisT')
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: MVC-Web CMS
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:mvc-web_cms:mvc-web_cms
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
MVC-Web CMS 1.0 and 1.2 Remote SQL Injection Exploit
MVC-Web CMS versions 1.0 and 1.2 are vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
Mitigation:
Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
