header-logo
Suggest Exploit
vendor:
4Site CMS
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: 4Site CMS
Affected Version From: 4Site CMS 2.6
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:4site_cms:4site_cms:2.6
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SQL Injection vulnerability in 4Site CMS

The SQL Injection vulnerability in 4Site CMS allows an attacker to execute unauthorized actions on the database, potentially compromising the application and facilitating further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches and updates provided by the vendor. Additionally, input validation and parameterized queries should be implemented to prevent SQL Injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/44258/info

4Site CMS is prone to an SQL-injection vulnerability.

An attacker can exploit this issue to carry out unauthorized actions on the underlying database which may compromise the application and may aid in further attacks.

4Site CMS 2.6 is vulnerable; other versions may also be affected.

http://www.example.com/catalog/index.shtml?cat=-1+UNION+SELECT+@@version