Construtiva CIS Manager suffers from a remote SQL injection vulnerability.
7136c76d7db570fc9ac688d69aeeca0d8846c1171cdc6199197d0dcc66015ca5Construtiva CIS Manager CMS POST SQLi
TL;DR;
======
. PRODUCT : Construtiva CIS Manager
. TYPE : SQLi http://site/autenticar/lembrarlogin.asp (POST email)
. CVE : CVE-2014-3749
Software Description
====================
. The CIS Manager platform is a complete and powerful tool to manage
sites and corporative portals on the Internet. The platform components
bring autonomy to your company to manage the content (structure,
texts, images, downloadable files, articles, news...) without the need
of a developer.
(...)
Release date
============
2014-05-16
Details
=======
. SQL injection using POST parameters:
URL: http://site/autenticar/lembrarlogin.asp
TYPE: error-based
PARAM: email
PAYLOAD: email=xxx' AND (...)
Disclosure Timeline
===================
2014-04-16: Vendor notification.
2014-04-26: No response. Vendor notification again.
2014-05-10: No response. Vendor notification again.
2014-05-16: Public disclosure.
Contact
=======
Thiago C.
edge () bitmessage.ch
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed