RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for example password hashes used by administrative accounts. webEdition versions 6.3.8.0 svn6985 down to 6.3.3.0 is affected.
81fbc39f2a3459ae92ce585e8a2427adfa9b14d16218f83cd98c65bec9a49df0