Written by DNX
Wednesday, 04 March 2009 22:13
Xomol CMS 'index.php' SQL Injection Vulnerability
- Bugtraq ID: 29358
- Class: Input Validation Error
- CVE:
- Remote: Yes
- Local: No
- Published: May 25 2008 12:00AM
- Updated: Mar 04 2009 01:46PM
- Credit: DNX
- Vulnerable: xomol.net Xomol CMS 1
- Discussion: Xomol CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Xomol CMS 1 is vulnerable; other versions may also be affected.
- Exploit(s)/PoC(s): Attackers can use a browser to exploit this issue.
The following example is available:
Login with email: " OR user_group=1/*"" and password: not empty
- Solution: The vendor has released updates. Please contact the vendor for more information.
- Reference(s): Xomol CMS Homepage: http://www.xomol.net
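A defensive counterpart to the login flaw described above, as an added example that is not Xomol's code and not part of the original advisory: a login lookup that binds the e-mail as a parameter and checks the password outside SQL. The `users` table, every column except `user_group`, the `find_user` helper and the sample accounts are assumptions made for illustration; the demo needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example with a hypothetical schema. Only the column name user_group
// comes from the advisory. Assumed shape of the flawed pattern (not Xomol's
// actual source): the e-mail value interpolated between double quotes in the
// WHERE clause, so a quote in the input ends the string early.

function find_user(PDO $db, string $email, string $password): ?array
{
    // Placeholder binding: the value travels separately from the SQL text,
    // so quotes and comment markers in it cannot change the query structure.
    $stmt = $db->prepare(
        'SELECT id, email, password_hash, user_group FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is verified in PHP against a stored hash, so no part of
    // the authentication decision depends on SQL that input could truncate.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           password_hash TEXT, user_group INTEGER)');
$ins = $db->prepare(
    'INSERT INTO users (email, password_hash, user_group) VALUES (?, ?, ?)'
);
$ins->execute(['admin@example.test', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 1]);
$ins->execute(['user@example.test', password_hash('constructed-user-pw', PASSWORD_DEFAULT), 2]);

// The e-mail string from the advisory is compared as plain data.
var_dump(find_user($db, '" OR user_group=1/*', 'x'));
// A constructed legitimate login for comparison.
var_dump(find_user($db, 'user@example.test', 'constructed-user-pw'));
```

The first call returns no user because the bound string matches no stored address; the second returns the constructed account without its hash.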