Easy Fast Admin SQL Injection

2012.10.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Exploit Title: Easy Fast Admin SQL Injection Vulnerability
Author: ANDREA BOCCHETTI
Security Risk: High - SQL Injection
Download Link or Vendor Home: http://www.easyfastadmin.org
Affected versions: All CMS versions
Credits: This vulnerability was discovered and researched by Andrea Bocchetti
Impact: An attacker can execute SQL statements.
Vendor Status: Vendor was contacted

Timeline:
Vendor Notification - 04/10/2012
Vendor Response - nothing
Fix - no
Public Disclosure - 08/10/2012

Date: 08/10/2012

==================================

The id parameter is injectable.

# Exploit: [SQL]
articoli.php?id [sql]
news.php?id [sql]

Demo: http://www.demo.com/news.php?id= sql
Demo: http://www.demo.com/articoli.php?id= sql
Demo: http://www.demo.com/xxx.php?id= sql
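Since the advisory lists no vendor fix, operators may want to review web server logs for non-numeric `id` values sent to the affected scripts. The following is an added example, not code from the advisory or the vendor. It assumes combined-format access logs and that legitimate `id` values are plain integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts named in the advisory; extend with any other page that takes `id`.
WATCHED = {"news.php", "articoli.php"}
# Request part of a combined-format access log entry (assumed log format).
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def suspicious_id(raw_target):
    """Return the offending id value, or None if the id is one plain integer."""
    parts = urlsplit(raw_target)
    if parts.path.rsplit("/", 1)[-1].lower() not in WATCHED:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    for value in values:
        # parse_qs decodes once; decode again so double-encoded input
        # (for example %2527) is judged by what the application may see.
        decoded = unquote(value)
        if not re.fullmatch(r"[0-9]{1,10}", decoded):
            return decoded
    # Repeated id parameters are flagged too: back ends disagree on which wins.
    return ",".join(values) if len(values) > 1 else None

def scan(lines):
    """Yield (client, status, value) for each request with a non-integer id."""
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        bad = suspicious_id(target)
        if bad is not None:
            yield client, int(status), bad

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [09/Oct/2012:10:00:01 +0200] "GET /news.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Oct/2012:10:00:07 +0200] "GET /news.php?id=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [09/Oct/2012:10:00:09 +0200] "GET /articoli.php?id=3%2527 HTTP/1.1" 200 4410',
    '198.51.100.2 - - [09/Oct/2012:10:01:00 +0200] "GET /contatti.php?id=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE):
        print(f"{client} status={status} id={value!r}")
```

The same integer-only rule can be enforced in front of the application (web server or WAF rule) as a stopgap; access logs do not record POST bodies, so this scan only covers `id` passed in the query string.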

References:

http://www.easyfastadmin.org

