Asanhamayesh CMS 3.4.6 SQL injection

2018.02.26
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

> [Suggested description]
> SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
>
> ------------------------------------------
>
> [Additional Information]
> This CMS is specially designed for managing conferences. Most scientific conferences in Iran use this CMS to manage the users who submit articles, and also as a voting platform for reviewers to select the best articles. Based on my report, a remote attacker can gain access to the databases, and all users', reviewers' and articles' private information will be disclosed.
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> asanhamayesh.com
>
> ------------------------------------------
>
> [Affected Product Code Base]
> CMS - 3.4.6
>
> ------------------------------------------
>
> [Affected Component]
> Databases, all users' information, reviewers' personal information, private articles.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker as a normal user would use a simple SQL injection.
>
> ------------------------------------------
>
> [Reference]
> http://itjdconf.ir/fa/files.php?id=2
>
> ------------------------------------------
>
> [Discoverer]
> Ali Abdollahi

References:

http://itjdconf.ir/fa/files.php?id=2
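
For operators of an affected site, the following added example (not part of the advisory or the vendor's code) scans web-server access logs for requests to files.php whose "id" parameter is not a plain decimal integer. It assumes Combined Log Format and that legitimate ids are always numeric, as in the reference URL; the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address, request target and status from a Combined Log Format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate id is a short decimal integer and nothing else.
STRICT_ID = re.compile(r"[0-9]{1,10}")

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2018:10:00:01 +0000] "GET /fa/files.php?id=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/Feb/2018:10:00:07 +0000] "GET /fa/files.php?id=2%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [26/Feb/2018:10:00:09 +0000] "GET /fa/files.php?id=2%20OR%201%3D1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [26/Feb/2018:10:00:15 +0000] "GET /fa/index.php?id=abc HTTP/1.1" 200 900',
    '192.0.2.51 - - [26/Feb/2018:10:00:20 +0000] "GET /fa/files.php?id=3&id=3-1 HTTP/1.1" 200 5120',
]


def suspicious_id_requests(lines, script="files.php", param="id"):
    """Return (ip, decoded value, status) for every request to `script`
    whose `param` is present but is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m["target"])
        if not url.path.endswith("/" + script):
            continue  # a different script; out of scope for this check
        # parse_qs URL-decodes values and keeps repeated parameters, so a
        # tampered value cannot hide behind encoding or a duplicate id.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not STRICT_ID.fullmatch(value):
                hits.append((m["ip"], value, int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, value, status in suspicious_id_requests(SAMPLE_LOG):
        print(f"{ip} sent id={value!r} (HTTP {status})")
```

The same strict-integer check belongs in the application before the value reaches any query, together with parameterized statements.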



Copyright 2019, cxsecurity.com

 
