Amelia CMS remote SQL injection

2010-02-22 / 2010-02-23
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Title: [SQL injection vulnerability in Amelia CMS] # Date: [10.02.2010] # Author: [Ariko-Security] # Software Link: [http://www.ameliadesign.eu/] # Version: [ALL] # Tested on: [freebsd / ubuntu] ============ { Ariko-Security - Advisory #3/2/2010 } ============= SQL injection vulnerability in Amelia CMS Vendor's Description of Software: # http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=services Dork: # N/A Application Info: # Name: Amelia CMS # Versions: ALL Vulnerability Info: # Type: SQL injection Vulnerability # Risk: High Fix: # N/A Time Table # 10/02/2009 - Vendor notified. Input passed via the "page" parameter to index.php is not properly sanitised before being used in a SQL query and it is possible to get sensitive information using for example Time-Base Blind SQL Injection attacks. Solution: # Input validation of "page" parameter should be corrected. Vulnerability: # http://www.[site]/index.php?page=1322[SQLi]&lang=eng&cnt=services Credit: # Discoverd By: MG # Website: http://Ariko-security.com Advisory: #http://www.ariko-security.com/feb2010/ad453.html # Contacts: support[-at-]ariko-security.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top