vendor: TA.CMS
by:
CVSS: 7.5 (HIGH)
Local File Inclusion, SQL Injection
CWE: 98, 89
Product Name: TA.CMS
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

TA.CMS local file-include and SQL-injection vulnerabilities

The TA.CMS application is vulnerable to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.

Mitigation:

To mitigate these vulnerabilities, validate and sanitize user-supplied input before using it in any file-include operation or SQL query. Additionally, implement access controls to restrict unauthorized access to sensitive files and databases.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50773/info
 
TA.CMS is prone to multiple local file-include and SQL-injection vulnerabilities.
 
An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.
 
http://www.example.com/?lang=../../../../../../../../../../../../../../../etc/passwd%00.png&p_id=60 
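
An added example (not part of the original advisory or of TA.CMS) of the input validation recommended under Mitigation, checked against the request shown above: `lang` is resolved through a fixed map instead of being used as a path, and `p_id` is parsed as an integer and passed as a bound parameter. The language codes, file names, table layout and the use of `p_id` in a query are assumptions.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Assumptions, not from the page: language codes, file names, table layout.
LANG_FILES = {"en": "lang/en.inc", "ar": "lang/ar.inc"}
P_ID_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only, bounded length


def validate(url):
    """Return (lang_file, page_id, problems) for a request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    langs, p_ids = query.get("lang", ["en"]), query.get("p_id", [""])
    problems = []
    if len(langs) > 1 or len(p_ids) > 1:
        problems.append("repeated parameter")
    lang, p_id = langs[0], p_ids[0]

    # parse_qs percent-decodes once, so %00 arrives here as a real NUL byte.
    if "\x00" in lang:
        problems.append("lang: NUL byte")
    if ".." in lang or "/" in lang or "\\" in lang:
        problems.append("lang: path traversal characters")
    # The map lookup is the control; the checks above only label the log entry.
    lang_file = LANG_FILES.get(lang)
    if lang_file is None:
        problems.append("lang: not in allowlist")

    page_id = int(p_id) if P_ID_RE.fullmatch(p_id) else None
    if page_id is None:
        problems.append("p_id: not an unsigned integer")
    return lang_file, page_id, problems


def handle(conn, url):
    """Return (lang_file, title, problems); query only if validation passed."""
    lang_file, page_id, problems = validate(url)
    if problems:
        return None, None, problems
    # Bound parameter: the value is never concatenated into the SQL text.
    row = conn.execute("SELECT title FROM pages WHERE id = ?", (page_id,)).fetchone()
    return lang_file, (row[0] if row else None), []


def demo_db():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO pages VALUES (60, 'About')")
    return conn
```

Because the file name comes only from the map, a value that is still percent-encoded after one decoding pass is rejected by the allowlist without any further decoding.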