Simple Web Content Management System *id* SQL Injection

Posted on Thursday, January 04, 2007 @ 11:39:17 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23590

VERIFY ADVISORY: http://secunia.com/advisories/23590/

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information

SOFTWARE: Simple Web Content Management System - http://secunia.com/product/13142/

DESCRIPTION: DarkFig has discovered a vulnerability in Simple Web Content Management System, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in page.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows retrieval of arbitrary files from the database server.

SOLUTION: Edit the source code to ensure that input is properly sanitised.
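One way to apply this fix to an "id" lookup, as an added example (not code from Simple Web Content Management System or from the advisory). The `pages` table, its columns, the function names and the sample rows are assumptions constructed for illustration, and an in-memory SQLite database stands in for the application's own.

```php
<?php
declare(strict_types=1);

// Constructed schema and data (assumptions) so the script runs offline.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $pdo->exec("INSERT INTO pages (id, title, body)
                VALUES (1, 'Home', 'Welcome'), (2, 'About', 'About us')");
    return $pdo;
}

// Pattern the advisory describes (shown only as a comment): request input
// concatenated straight into the statement text.
//   $sql = "SELECT title, body FROM pages WHERE id = " . $_GET['id'];

// Hardened lookup: strict integer validation first, then a bound parameter,
// so the value can never become part of the SQL text.
function fetch_page(PDO $pdo, $rawId): ?array
{
    // FILTER_VALIDATE_INT rejects '2 trailing-text', '', arrays and so on.
    // A plain (int) cast would silently turn '2 trailing-text' into 2.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
$pdo = open_demo_db();
foreach (['2', '2 trailing-text', '', '-5', '999', ['2']] as $input) {
    $page = fetch_page($pdo, $input);
    printf("%-22s => %s\n", json_encode($input), $page === null ? 'rejected / not found' : $page['title']);
}
```

Only the first input returns a row. The others are rejected by validation or match no page, and none of them reaches the database as SQL text.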

PROVIDED AND/OR DISCOVERED BY: DarkFig

ORIGINAL ADVISORY: http://acid-root.new.fr/poc/18070102.txt