vendor:
Xpoze Pro CMS 2008
by:
farenh3it, sn0wman
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Xpoze Pro CMS 2008
Affected Version From: Xpoze Pro CMS 2008 XPOZE Pro 3.06
Affected Version To: Xpoze Pro CMS 2008 XPOZE Pro 3.06
Patch Exists: YES
Related CWE: N/A
CPE: a:xpoze:xpoze_pro_cms_2008
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Xpoze Pro CMS 2008 XPOZE Pro 3.06 SQL Injection Exploit
Xpoze Pro CMS 2008 XPOZE Pro 3.06 is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords.
Mitigation:
Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.