MigasCMS 1.0 SQL Injection

2010.05.19
Credit: ITSecTeam
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2010-2012
CWE: CWE-89


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

########################################################## #Title: MigasCMS 1.0 SQL Injection #Download: http://www.sebrac.webcindario.com/cms/ ########################################################## #AUTHOR: ITSecTeam #Email: Bug@ITSecTeam.com #Website: http://www.itsecteam.com #Forum : http://forum.ITSecTeam.com #Original Advisory: http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm #Thanks: r3dm0v3,M3hr@n.s ,pejvak, am!rkh@n ########################################################## #DESCRIPTION (by vendor):################################# A small but complete cms for blogs, and personal page, with file manager and download area. #BUG:##################################################### file: function.php 365: if(isset($_POST['submit'])){ 366: $categ = ($_REQUEST['categorie']); 367: $query="Select * from sbc_links where idlink>0 and category = '$categ'" or die(); 368: } 369: $result= mysql_query($query); #EXPLOIT:################################################# magic quotes must be off

References:

http://www.securityfocus.com/bid/40256
http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm
http://secunia.com/advisories/39878
http://packetstormsecurity.org/1005-exploits/migascms-sql.txt
http://osvdb.org/64732


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top