| शीर्षक | CmsEasy CmsEasy <=7.7.7 SQL injection |
|---|
| विवरण | CmsEasy <= 7.7.7 is vulnerable to SQL injection via lib/admin/language_admin.php
The CMSEASY content management system (CMS) version 7.7.7 and earlier is susceptible to a SQL injection vulnerability. This security flaw resides in the getslide_child_action function within the lib/admin/slide_admin.php file.
The vulnerable function accepts the sid parameter from the URL and incorporates it into a SQL query, making it prone to SQL injection.
Upon analysis, it was observed that the condition function, used in the getrows function to validate and filter parameters, lacks proper filtering for the benchmark keyword. This omission allows an attacker to perform a time-based blind SQL injection using payloads such as:
sid=1 or benchmark(10000000,md5(5))%23 |
|---|
| स्रोत | ⚠️ https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md |
|---|
| उपयोगकर्ता | V3geD4g (UID 60725) |
|---|
| सबमिशन | 04/01/2024 10:42 AM (2 साल पहले) |
|---|
| संयम | 14/01/2024 05:18 PM (10 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 250693 [CmsEasy तक 7.7.7 language_admin.php getslide_child_action sid SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|