Dimac CMS 1.3 XS - 'default.asp' SQL Injection

EDB-ID:

35599

CVE:

N/A


Platform:

ASP

Published:

2011-04-11

source: http://www.securityfocus.com/bid/47291/info

Dimac CMS XS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Dimac CMS XS 1.3 is vulnerable; other versions may also be affected. 

The following example URI and data are available:

http://www.example.com/[path]/CMSadmin/default.asp

Username : admin
Password : 1'or'1'='1