Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23295
HistoryFeb 25, 2010 - 12:00 a.m.

SQL injection vulnerability in WebAdministrator Lite CMS

2010-02-2500:00:00
vulners.com
22
JSON

Title: [SQL injection vulnerability in WebAdministrator Lite CMS]

Date: [25.02.2010]

Author: [Ariko-Security]

Software Link: [http://jskinternet.pl/]

Version: [Lite]

============ { Ariko-Security - Advisory #5/2/2010 } =============

   SQL injection vulnerability in WebAdministrator Lite CMS

Vendor's Description of Software:

http://jskinternet.pl/portal/jsk/3/Oferta.html

Dork:

webadministrator lite

Application Info:

Name: WebAdministrator Lite CMS

Versions: LITE

Vulnerability Info:

Type: SQL injection Vulnerability

Risk: medium

Fix:

N/A

Time Table:

25/02/2010 - Vendor notified.

25/02/2010 - Vendor response "we will not release FIX for LITE, soon

new version"…

Input passed via the "s" parameter to download.php is not properly

sanitised before being used in a SQL query.

Solution:

Input validation of "s" parameter should be corrected.

Vulnerability:

http://[site]/download.php?s=[SQLi]&id=2324

Credit:

Discoverd By: MG

Website: http://Ariko-security.com

Contacts: support[-at-]ariko-security.com

Ariko-Security
Maciej Gojny
[email protected]
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)

JSON