Re: [Full-disclosure] Amiro.CMS <= 5.4.4 SQL inj
- From: Henri Salo <henri@xxxxxxx>
- Date: Thu, 22 Apr 2010 21:00:10 +0300
On Thu, 22 Apr 2010 21:20:26 +0400
Владимир Воронцов <vladimir.vorontsov@xxxxxxxx> wrote:
No.
On Thu, 22 Apr 2010 18:35:48 +0300, Henri Salo <henri@xxxxxxx> wrote:
On Thu, 22 Apr 2010 09:52:26 +0400
Владимир Воронцов <vladimir.vorontsov@xxxxxxxx> wrote:
In the system of site management Amiro.CMS found a critical
vulnerability introduction operators database. The vulnerability
allows an attacker, in particular, to compromise a target system,
gain administrative access.
Vulnerability has been discovered introduction of operators
database at user registration. An attacker can fill in the
"signature in the forum" with special data and affect the
structure of the query to the DBMS. Information about the request
not be displayed on the screen, thus possibly
conduct "blind" injections in order to obtain data or injections in
order to displace the data. Injection takes place in the operator
database INSERT. Further details were not disclosed at the request
of the developer.
Original at Russian: http://onsec.ru/vuln?id=20
Have you requested CVE-identifier for this?
---
Henri Salo
Please do: http://cve.mitre.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] Amiro.CMS <= 5.4.4 SQL inj
- From: Владимир Воронцов
- Re: [Full-disclosure] Amiro.CMS <= 5.4.4 SQL inj
- From: Henri Salo
- [Full-disclosure] Amiro.CMS <= 5.4.4 SQL inj
- Prev by Date: Re: [Full-disclosure] IE8 img tag HiJacking
- Next by Date: Re: [Full-disclosure] IE8 img tag HiJacking
- Previous by thread: Re: [Full-disclosure] Amiro.CMS <= 5.4.4 SQL inj
- Next by thread: [Full-disclosure] Please Welcome SuperFB ( and ignore this message )
- Index(es):
Relevant Pages
|
