1024 CMS SQL Injection and File Inclusion - Exabytes Security Portal

Categories

Applications (151)
Blogs (3)
Content Management (101)
Customer Relationship (2)
Discussion Boards (19)
E-Commerce (8)
General Purpose Directories (1)
Image Galleries (15)
Mailing Lists (1)
Tips (3)
Vulnerabilities (249)
Access Bypass (42)
Cross Site Scripting (94)
Denial Of Service (2)
File Inclusion (40)
Information Disclosure (13)
Privilege Escalation (2)
Remote Command Execution (12)
Session Hijacking (1)
SQL Injection (84)

1024 CMS SQL Injection and File Inclusion

Published by TL Guan April 18th, 2008 in Content Management, File Inclusion and SQL Injection.

Application: 1024 CMS
Affected Version: 1.4.1 and other versions.
Vendor’s URL: 1024 CMS
Bug Type: SQL Injection, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

Search

Subscribe

Entries RSS

Latest

Archives