Exploit

EDB-ID: 37444	Author: AkaStep	Published: 2012-06-22
CVE: N/A	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/54147/info

Cotonti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Cotonti 0.6.23 is vulnerable; other versions may also be affected. 

http://www.example.com/admin.php?m=hits&f=year&v=1[SQLi]

Related Exploits

Other Possible E-DB Search Terms: Cotonti

Date	Title	Author
2013-08-02	Cotonti 0.9.13 - SQL Injection	High-Tech B...
2011-05-30	Cotonti 0.9.2 - Multiple SQL Injections	KedAns-Dz
2011-10-10	cotonti CMS 0.9.4 - Multiple Vulnerabilities	LiquidWorm

Cotonti - 'admin.php' SQL Injection

Related Exploits