SECUNIA ADVISORY ID: SA23590
VERIFY ADVISORY: http://secunia.com/advisories/23590/
CRITICAL: Moderately critical
IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information
SOFTWARE: Simple Web Content Management System - http://secunia.com/product/13142/
DESCRIPTION: DarkFig has discovered a vulnerability in Simple Web Content Management System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in page.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows retrieval of arbitrary files from the database server.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: DarkFig
ORIGINAL ADVISORY: http://acid-root.new.fr/poc/18070102.txt
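
One way to apply the SOLUTION above to an "id" lookup such as the one in page.php, shown beside the concatenation pattern the DESCRIPTION refers to. This is an added example, not code from Simple Web Content Management System or from the advisory; the table, column and function names are hypothetical, and an in-memory SQLite database (pdo_sqlite, PHP 8) stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and names; not the project's own code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'Home', 'Welcome'), (2, 'About', 'About us')");

// Pattern the advisory describes: request input concatenated into the SQL text,
// so the input is parsed as part of the query.
function fetchPageUnsafe(PDO $db, string $rawId): ?array
{
    $sql = 'SELECT id, title, body FROM pages WHERE id = ' . $rawId;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: accept only a positive integer, then bind it as a typed parameter.
function fetchPage(PDO $db, mixed $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // arrays, empty strings and anything non-numeric are rejected
    }
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '0 OR 1=1', '2abc', '', ['2']] as $input) {
    $page = fetchPage($db, $input);
    printf("%-22s hardened: %s\n", json_encode($input), $page['title'] ?? 'rejected');
}

// The same non-numeric input changes the WHERE clause in the concatenated form.
$unsafe = fetchPageUnsafe($db, '0 OR 1=1');
printf("%-22s unsafe:   %s\n", json_encode('0 OR 1=1'), $unsafe['title'] ?? 'no row');
```

The integer check and the bound parameter are independent layers: either one alone keeps the input out of the SQL text, and keeping both means a later change to one does not reopen the query.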
Simple Web Content Management System *id* SQL Injection
Posted on Thursday, January 04, 2007 @ 11:39:17 CST in Security