vendor:
ZeroCMS
by:
Gjoko 'LiquidWorm' Krstic
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ZeroCMS
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:another_awesome_stuff:zerocms:1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Apache/2.4.7 (Win32), PHP/5.5.6, MySQL 5.6.14
2014
ZeroCMS 1.0 (article_id) SQL Injection Vulnerability
Input passed via the 'article_id' GET parameter to zero_view_article.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mitigation:
Input validation should be used to prevent SQL injection attacks.
