============ { Ariko-Security - Advisory #1/5/2010 } =============
SQL injection vulnerability in SmartCMS v.2
Vendor's Description of Software:
Dork:
Application Info:
Vulnerability Info:
Fix:
Time Table:
Input passed via the "pageid" ,"lang" parameters to index.php is not
properly sanitised before being used in a SQL query.
Solution:
Vulnerability:
Credit:
#Advisory:
http://www.ariko-security.com/apr2010/audyt_bezpieczenstwa_652.html
Ariko-Security
Maciej Gojny
[email protected]
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)