SECURITYVULNS:DOC:23262
Feb 22, 2010

SQL injection vulnerability in Amelia CMS

Title: [SQL injection vulnerability in Amelia CMS]

Date: [10.02.2010]

Author: [Ariko-Security]

Software Link: [http://www.ameliadesign.eu/]

Version: [ALL]

Tested on: [freebsd / ubuntu]

============ { Ariko-Security - Advisory #3/2/2010 } =============

   SQL injection vulnerability in Amelia CMS 

Vendor's Description of Software:

http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=services

Dork:

N/A

Application Info:

Name: Amelia CMS

Versions: ALL

Vulnerability Info:

Type: SQL injection Vulnerability

Risk: High

Fix:

N/A

Time Table

10/02/2009 - Vendor notified.

Input passed via the "page" parameter to index.php is not properly sanitised before being used in a SQL query, making it possible to obtain sensitive information using, for example, time-based blind SQL injection attacks.

Solution:

Input validation of the "page" parameter should be corrected.
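
One way to apply the recommended validation of the "page" parameter, shown as an added example that is not Amelia CMS code and not part of the advisory. The advisory does not show the vendor's query, so the table and column names, the function names and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the CMS database; schema is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, lang TEXT, body TEXT)');
$db->exec("INSERT INTO pages (id, lang, body) VALUES (1322, 'eng', 'Services')");

/**
 * Return the page id as an int, or null when the raw value is not a plain
 * positive decimal integer. Values with anything appended to the digits,
 * and array-valued parameters, are rejected before any query is built.
 */
function parsePageId(mixed $raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Look the page up with bound parameters instead of string concatenation. */
function loadPage(PDO $db, array $query): ?string
{
    $id   = parsePageId($query['page'] ?? null);
    $lang = $query['lang'] ?? 'eng';
    if ($id === null || !is_string($lang)) {
        return null; // caller should answer with an error page, not run a query
    }
    $stmt = $db->prepare('SELECT body FROM pages WHERE id = :id AND lang = :lang');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':lang', $lang, PDO::PARAM_STR);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// Constructed inputs: a well-formed request, an id with trailing text,
// and an array-valued "page" parameter.
var_dump(loadPage($db, ['page' => '1322', 'lang' => 'eng']));
var_dump(loadPage($db, ['page' => '1322 extra', 'lang' => 'eng']));
var_dump(loadPage($db, ['page' => ['1322'], 'lang' => 'eng']));
```

The strict integer check and the bound parameters are independent layers: the check rejects malformed ids early, and binding keeps any value that does reach the database from being parsed as SQL.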

Vulnerability:

http://www.[site]/index.php?page=1322[SQLi]&lang=eng&cnt=services

Credit:

Discovered By: MG

Website: http://Ariko-security.com

Advisory:
#http://www.ariko-security.com/feb2010/ad453.html

Contacts: support[-at-]ariko-security.com