PT-2008-5458 · Unknown · Zanfi Cms Lite+1
Cru3L.B0Y
·
Publicado
2008-09-22
·
Atualizado
2017-09-29
·
CVE-2008-4159
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jaw Portal (affected versions not specified)
Zanfi CMS lite (affected versions not specified)
Description
The issue allows remote attackers to execute arbitrary SQL commands via the
pageid parameter in the "index.php" file. This can be exploited by sending a malicious request to the /index.php endpoint.Recommendations
For Jaw Portal, update the index.php file to properly sanitize the
pageid parameter to prevent SQL injection.
For Zanfi CMS lite, update the index.php file to properly sanitize the pageid parameter to prevent SQL injection.
As a temporary workaround, consider restricting access to the index.php file until a patch is available.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jaw Portal
Zanfi Cms Lite