Written by DNX
Wednesday, 04 March 2009 22:13
Xomol CMS 'index.php' SQL Injection Vulnerability
Class: Input Validation Error
Published: May 25 2008 12:00AM
Updated: Mar 04 2009 01:46PM
Vulnerable: xomol.net Xomol CMS 1
Xomol CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Xomol CMS 1 is vulnerable; other versions may also be affected.
Attackers can use a browser to exploit this issue.
The following example is available:
Login with email: " OR user_group=1/*"" and password: not empty
The vendor has released updates. Please contact the vendor for more information.
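The flaw class described above, shown as an added example that is not code from Xomol CMS or from the advisory: a login query built by string concatenation next to a parameterized one, with the email input modeled on the advisory's example. The `users` schema, the double-quoted query shape and all function names are assumptions, and Python with SQLite stands in for the application's own stack.

```python
import hashlib
import hmac
import re
import sqlite3

def hash_pw(password):
    # Fixed salt keeps the demo short; real code uses a random per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000).hex()

def make_db():
    # Constructed schema and accounts; the application's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT, user_group INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin@example.test", hash_pw("admin-secret"), 1),
        ("bob@example.test", hash_pw("bob-secret"), 2),
    ])
    return db

def vulnerable_query(email, password):
    # Assumed 'before' pattern: input pasted between double quotes in the SQL text.
    # Returned as a string only, so the changed WHERE clause can be inspected.
    return ('SELECT email, user_group FROM users '
            'WHERE email="%s" AND pw_hash="%s"' % (email, hash_pw(password)))

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def lookup(db, email):
    # Bound parameter: the value is data, so quotes and /* never reach the SQL parser.
    return db.execute("SELECT email, pw_hash, user_group FROM users WHERE email = ?",
                      (email,)).fetchone()

def safe_login(db, email, password):
    # Input validation first: reject anything not shaped like an email address.
    if not EMAIL_RE.fullmatch(email) or not password:
        return None
    row = lookup(db, email)
    if row is None or not hmac.compare_digest(row[1], hash_pw(password)):
        return None
    return {"email": row[0], "user_group": row[2]}

if __name__ == "__main__":
    db = make_db()
    crafted = '" OR user_group=1/*'  # modeled on the advisory's login example
    print(vulnerable_query(crafted, "x"))  # quote closes early, comment drops the password test
    print(lookup(db, crafted))             # None: no account has that literal email
    print(safe_login(db, "bob@example.test", "bob-secret"))
```

The printed string shows the email condition closing early and the password check falling inside the comment, while the bound-parameter lookup treats the same input as a literal email that matches no row.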