vendor:
XATABoost CMS
by:
MgThuraMoeMyint
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: XATABoost CMS
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:xataboost:xataboost_cms
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Kali Linux
2018
XATABoost CMS Sql Injection
XATABoost CMS is vulnerable to a Union Based SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
