Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30868
HistoryJun 14, 2014 - 12:00 a.m.

Construtiva CIS Manager CMS POST SQLi

2014-06-1400:00:00
vulners.com
19
JSON

TL;DR;

. PRODUCT : Construtiva CIS Manager
. TYPE    : SQLi http://site/autenticar/lembrarlogin.asp (POST email)
. CVE     : CVE-2014-3749

Software Description

. The CIS Manager platform is a complete and powerful tool to manage

sites and corporative portals on the Internet. The platform components
bring autonomy to your company to manage the content (structure,
texts, images, downloadable files, articles, news…) without the need
of a developer.

 (...)

Release date

2014-05-16

Details

. SQL injection using POST parameters:

     URL: http://site/autenticar/lembrarlogin.asp
     TYPE: error-based
     PARAM: email
     PAYLOAD: email=xxx' AND (...)

Disclosure Timeline

2014-04-16: Vendor notification.
2014-04-26: No response. Vendor notification again.
2014-05-10: No response. Vendor notification again.
2014-05-16: Public disclosure.

Contact

Thiago C.
edge () bitmessage.ch

Related

openvas 1
prion 1
packetstorm 1
cve 1
securityvulns 1
openvas
openvas
CIS Manager 'email' Parameter SQL Injection Vulnerability
2014-05-26 00:00:00
prion
prion
Sql injection
2014-05-20 14:55:00
packetstorm
packetstorm
Construtiva CIS Manager SQL Injection
2014-05-18 00:00:00
cve
cve
CVE-2014-3749
2014-05-20 14:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-06-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30868
openvas1prion1packetstorm1cve1securityvulns1