vendor:
SlimCMS
by:
athos
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SlimCMS
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:slimcms:slimcms:1.0.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
SlimCMS <= 1.0.0 (edit.php) Remote SQL Injection Exploit
A remote SQL injection vulnerability exists in SlimCMS version 1.0.0 and earlier. The vulnerability is due to insufficient sanitization of user-supplied input in the 'pageID' parameter of the 'edit.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data. This vulnerability can be exploited without authentication.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in SQL queries.