Jaow CMS SQL Injection Vulnerability
BID:53677
Info
| Bugtraq ID: | 53677 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2952 |
| Remote: | Yes |
| Local: | No |
| Published: | May 23 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | kallimero |
| Vulnerable: | Jaow Jaow CMS 2.4.5 |
| Not Vulnerable: | Jaow Jaow CMS 2.4.6 |
Discussion
Jaow CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, to access or modify data, or to exploit latent vulnerabilities in the underlying database.
Jaow 2.4.5 and prior versions are vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/[path]/add_ons.php?add_ons=[SQL injection]
The following exploit is available:
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
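A log-triage check for the `add_ons.php` path and `add_ons` parameter named in this entry, added here as an example (it is not part of the advisory or the vendor's code): it parses access-log lines, percent-decodes the parameter, and flags any value that is not a plain token. The combined log format, the allowlist pattern, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request portion of a common/combined-format access log entry (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumption: a legitimate add_ons value is a short alphanumeric token.
SAFE_VALUE = re.compile(r'[A-Za-z0-9_-]{1,64}')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_add_ons_requests(lines):
    """Return (ip, status, decoded value) for add_ons.php hits with a non-token add_ons value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/add_ons.php"):
            continue  # only the script named in the advisory
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if key == "add_ons" and not SAFE_VALUE.fullmatch(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


# Constructed sample log lines (documentation addresses, not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/May/2012:10:01:02 +0000] "GET /cms/add_ons.php?add_ons=gallery HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/May/2012:10:03:44 +0000] "GET /cms/add_ons.php?add_ons=gallery%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [24/May/2012:10:03:51 +0000] "GET /cms/add_ons.php?add_ons=gallery%2527 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [24/May/2012:10:04:00 +0000] "GET /cms/index.php?add_ons=x%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_add_ons_requests(SAMPLE_LOG):
        print(f"{ip} status={status} add_ons={value!r}")
```

Hits that returned a 5xx status or an unusual response size are the ones to review first on hosts that ran 2.4.5 or earlier.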