Vendor: Pizzis CMS
By: darkjoker
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: Pizzis CMS
Affected Version From: 1.5.2001
Affected Version To: 1.5.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:pizzis_cms:pizzis_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Pizzis CMS <= 1.5.1 Blind SQL Injection Exploit

Pizzis CMS versions 1.5.1 and prior are vulnerable to blind SQL injection, which allows an attacker to extract the admin password from the database. The exploit sends a crafted query to the vulnerable application in a GET request, iterates through the characters of the password, and prints it out.

Mitigation:

Upgrade to the latest version of Pizzis CMS

Exploit-DB raw data: