Minerva Infotech CMS 1.0 Blind SQL Injection

2012.04.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Exploit Title: Minerva infotech CMS Blind SQL injection Vulnerability Date: 07/04/2012 Author: Andrea Bocchetti Url : http://www.minervait.com/cms-demo/ CMS : Minerva infotech CMS VERSION : 1.0 Category: webapps Info : Minerva infotech CMS 1.0 is used to create, edit, manage, and publish content in a consistently organized fashion. CMS are used for storing, controlling, versioning and publishing industry-specific documentation such as news, articles, operators' manuals, technical manuals, sales guides and marketing brochures. The content management may include computer files, image media, audio files, video files, electronic documents and web content. Minerva Infotech CMS 1.0 is very user friendly and easy to use CMS. Minerva Infotech CMS 1.0 is the easiest way to control the content of the website and the website owner can easily change their contents. General user with basic knowledge can control their website easily. CMS 1.0 user guide will help user to understand each and every aspect of the CMS panel. Exploit : http://www.host.com/path/content.php?ID=X ' <- BLIND SQL INJECTION

References:

http://www.minervait.com/cms-demo/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top