vendor:
ParsaWeb CMS
by:
AmnPardaz Security Research & Penetration Testing Group
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ParsaWeb CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
ParsaWeb CMS SQL Injection
Input passed to the 'id' parameter in default.aspx and txtSearch in search section are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mitigation:
Edit the source code to ensure that inputs are properly sanitized.