SQL injection vulnerability in Amelia CMS - 23 February 2010

Home » 2010 » February » 23 » SQL injection vulnerability in Amelia CMS

09.01.25 SQL injection vulnerability in Amelia CMS
# Title: [SQL injection vulnerability in Amelia CMS] # Date: [10.02.2010] # Author: [Ariko-Security] # Software Link: [http://www.ameliadesign.eu/] # Version: [ALL] # Tested on: [freebsd / ubuntu] ============ { Ariko-Security - Advisory #3/2/2010 } ============= SQL injection vulnerability in Amelia CMS Vendor's Description of Software: # http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=services Dork: # N/A Application Info: # Name: Amelia CMS # Versions: ALL Vulnerability Info: # Type: SQL injection Vulnerability # Risk: High Fix: # N/A Time Table # 10/02/2009 - Vendor notified. Input passed via the "page" parameter to index.php is not properly sanitised before being used in a SQL query and it is possible to get sensitive information using for example Time-Base Blind SQL Injection attacks. Solution: # Input validation of "page" parameter should be corrected. Vulnerability: # http://www.[site]/index.php? page=1322[SQLi]&lang=eng&cnt=services Credit: # Discoverd By: MG # Website: http://Ariko-security.com Advisory: #http://www.ariko-security.com/feb2010/ad453.html # Contacts: support[-at-]ariko-security.com
1 2 3 4 5 Views: 821 \| Added by: b1zz4rd \| Rating: 0.0/0

Login:
Password: