Hamayeshnegar CMS SQL injection

2018.02.24
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.

References:

>
http://edupsyconf.ir/users/signup.php?utype=1
>
http://c-it.ir/users/signup.php?utype=1


Vote for this issue:
100%
0%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top