securityvulns SECURITYVULNS:DOC:23761
May 05, 2010 - 12:00 a.m.

SmartCMS v.2 SQL injection vulnerability

============ { Ariko-Security - Advisory #1/5/2010 } =============

   SQL injection vulnerability in SmartCMS v.2

Vendor's Description of Software:

http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en

Dork:

n/a

Application Info:

Name: SmartCMS

Versions: V.2

Vulnerability Info:

Type: SQL injection Vulnerability

Risk: medium

Fix:

N/A

Time Table:

22/04/2010 - Vendor notified.

Input passed via the "pageid" and "lang" parameters to index.php is not properly sanitised before being used in a SQL query.

Solution:

Input validation of the "pageid" and "lang" parameters should be corrected.
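
Added example (not part of the advisory and not SmartCMS code): one way to apply the fix above is to validate "pageid" as a positive integer, check "lang" against an allow-list, and bind both values in a prepared statement. The table, columns, language list and sample rows are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);
// Hypothetical allow-list; the advisory does not list SmartCMS's languages.
const ALLOWED_LANGS = ['en', 'el'];

// Return [pageid, lang] when both parameters are well-formed, otherwise null.
function validate_params(array $query): ?array
{
    $pageid = filter_var($query['pageid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $lang = $query['lang'] ?? null;
    if ($pageid === false || !is_string($lang) || !in_array($lang, ALLOWED_LANGS, true)) {
        return null;
    }
    return [$pageid, $lang];
}

// Fetch a page with bound parameters, so the values never become SQL text.
function fetch_page(PDO $db, int $pageid, string $lang): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM pages WHERE id = :id AND lang = :lang');
    $stmt->bindValue(':id', $pageid, PDO::PARAM_INT);
    $stmt->bindValue(':lang', $lang, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER, lang TEXT, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages VALUES (13, 'en', 'About', 'Sample body')");
// Constructed requests: one well-formed, three that must be rejected.
$requests = [
    ['pageid' => '13', 'lang' => 'en'],
    ['pageid' => "13'", 'lang' => 'en'],
    ['pageid' => '13', 'lang' => "en'"],
    ['pageid' => ['13'], 'lang' => 'en'],
];
foreach ($requests as $q) {
    $params = validate_params($q);
    if ($params === null) {
        echo "400 Bad Request\n";
        continue;
    }
    $page = fetch_page($db, ...$params);
    echo $page === null ? "404 Not Found\n" : "200 {$page['title']}\n";
}
```

Validation rejects malformed requests early; the bound parameters are what keep the query safe even if a validation rule is later loosened.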

Vulnerability:

http://[site]/index.php?pageid=[SQLi]&lang=[SQLi]

Credit:

Discovered By: MG

#Advisory:
http://www.ariko-security.com/apr2010/audyt_bezpieczenstwa_652.html

Website: http://Ariko-security.com

Contacts: support[-at-]ariko-security.com

Ariko-Security
Maciej Gojny
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)