vendor:
Online Voting System
by:
Geiseric
8,8
CVSS
HIGH
SQL Injection + Remote Code Execution
89
CWE
Product Name: Online Voting System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 20.04
2021
Online Voting System 1.0 – SQLi (Authentication Bypass) + Remote Code Execution (RCE)
This exploit is used to bypass authentication and exploit remote code execution vulnerability in Online Voting System 1.0. It uses SQL injection to find a valid admin user and then uses a malicious image file to exploit the remote code execution vulnerability.
Mitigation:
Input validation should be done on all user inputs. Also, the application should be tested for SQL injection and remote code execution vulnerabilities.
