Phenotype CMS 3.0 SQL Injection

Posted on 07 January 2011

Vulnerability ID: HTB22769 Reference: http://www.htbridge.ch/advisory/sql_injection_in_phenotype_cms.html Product: Phenotype CMS Vendor: http://www.phenotype-cms.com ( http://www.phenotype-cms.com ) Vulnerable Version: 3.0 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) Vulnerability Details: Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. The following PoC is available: http://[host]/Gallery/gal_id/1/image1%27SQL_CODE.html

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20