Home / os / winme

Wild CMS SQL Injection Vulnerability

Posted on 09 March 2010

====================================
Wild CMS SQL Injection Vulnerability
====================================

============ { Ariko-Security - Advisory #4/3/2010 } =============
 
SQL injection vulnerability in wILD CMS
 
 
Vendor's Description of Software:
# http://www.wildcms.com/
Vulnerable DEMO
# http://www.wildcms.com/page.php?page_id=139
 
Dork:
# N/A
 
Application Info:
# Name: wILD CMS
Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium
 
Fix:
# N/A
 
Time Table:
# 01/03/2010 - Vendor notified.
 
Input passed via the "page_id" parameter to page.php is not properly sanitised before being used in a SQL query.
 
Solution:
# Input validation of "page_id" parameter should be corrected.
 
Vulnerabilities:
# http://[site]/page.php?page_id=139[SQLi]


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP