XOOPS 2.5.9 - SQL Injection



EKU-ID: 50921 CVE: OSVDB-ID:
Author: felipe andrian Published: 2019-05-13 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


[+] Sql Injection on XOOPS CMS v.2.5.9

[+] Date: 12/05/2019

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit :

        http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]


[+] EOF