Vendor: CIS Manager CMS
By: Felipe Andrian Peixoto
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: CIS Manager CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 and Linux
Year: 2014

SQL Injection on CIS Manager CMS

A SQL injection vulnerability exists in the default.asp file of CIS Manager CMS, a content management system developed by Construtiva. An attacker can exploit it by sending malicious SQL through the vulnerable 'TroncoID' parameter of default.asp. This can allow the attacker to gain access to the database and execute arbitrary code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use a least-privileged user account.
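
An added example (not from the original advisory or the vendor's code) of the input validation recommended above: an allow-list check for TroncoID, reused to scan web access logs for default.asp requests whose TroncoID fails it. It assumes TroncoID is a numeric ID, which the page does not state; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: TroncoID is a numeric record id (the advisory does not state its type).
VALID_ID = re.compile(r"[0-9]{1,10}")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample access-log lines (common log format), not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2014:10:00:01 +0000] "GET /site/default.asp?TroncoID=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Apr/2014:10:00:09 +0000] "GET /site/default.asp?TroncoID=42%27 HTTP/1.1" 500 312',
    '192.0.2.77 - - [01/Apr/2014:10:00:12 +0000] "GET /site/default.asp?troncoid=42+OR+1%3D1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Apr/2014:10:00:20 +0000] "GET /site/contact.asp?TroncoID=x HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Apr/2014:10:00:25 +0000] "GET /site/default.asp?TroncoID= HTTP/1.1" 200 5120',
]

def tronco_id_is_valid(value):
    """Allow-list check: only 1 to 10 ASCII digits pass (no signs, spaces or quotes)."""
    return VALID_ID.fullmatch(value) is not None

def invalid_tronco_requests(log_lines):
    """Return (line_no, decoded_value) for default.asp requests whose TroncoID fails validation."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/default.asp"):
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        for name, values in params.items():
            # Classic ASP treats query-string parameter names case-insensitively.
            if name.lower() != "troncoid":
                continue
            hits.extend((line_no, v) for v in values if not tronco_id_is_valid(v))
    return hits

if __name__ == "__main__":
    for line_no, value in invalid_tronco_requests(SAMPLE_LOG):
        print(f"line {line_no}: TroncoID failed validation: {value!r}")
```

The same allow-list belongs in the request handler itself, rejecting the request before the value reaches any SQL statement; the log scan only shows where the check would have fired.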

Exploit-DB raw data:

[+] SQL Injection on CIS Manager CMS
[+] Date: 01/04/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.construtiva.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: default.asp
[+] Dork : intext:"Powered by CIS Manager"
[+] Exploit : http://host/site/default.asp?TroncoID=[SQL Injection]