# Exploit Title: CMS ISWEB 3.5.3 - SQLinjection
# Date: 2018-08-01
# Exploit Author: Offensive0Labs - Thiago Sena & Rafael Fontes Souza
# Vendor Homepage: http://www.isweb.it
# Version: 3.5.3
# Tested on: Linux
# CVE Name: CVE-2018-14956

# PoC:
# CMS ISWEB 3.5.3 is vulnerable to SQLinjection:
# PoC Prints: https://imgur.com/a/buXJJKC
# Vulnerable parameter: ?id=1'