Exploit PacerCMS 0.6 - 'id' Multiple SQL Injections

[Exploiter]

EDB-ID

31048

Проверка EDB

1. Пройдено

Автор

RAWSECURITY.ORG

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-0451

Дата публикации

2008-01-22

source: https://www.securityfocus.com/bid/27397/info

PacerCMS is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect versions prior to PacerCMS 0.6.1.

NOTE: To exploit these issues, the attacker may require 'staff member' access.

http://www.example.com/pacercms/siteadmin/article-edit.php?id=[SQL]