Author: Jason Whelan
PacketStorm: exploitdev
Email: exploitdevj@gmail.com
Target Software: Speck CMS Framework, Latest
Vendor URL: http://www.speckcms.org/

Multiple SQL Injection Vulnerabilities

Examples:

portal/user.cfm:
    SELECT * FROM spUsers WHERE username = '#url.username#'

portal/group.cfm:
    SELECT * FROM spGroups WHERE groupname = '#url.groupname#'

Many more exist in this CMS framework. Exploitation will depend on the use
of these files within the user's CMS.
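
Added example (not part of the original advisory and not Speck's own code): a Python audit helper that flags request-scope variables interpolated into SQL the way the two queries above are, so remaining instances can be located and moved to <cfqueryparam> bindings. It assumes the queries sit inside <cfquery> tags; the sample templates, the fixed.cfm entry and the dsn variable are constructed for illustration.

```python
import re

# Constructed sample templates modelled on the two queries quoted in the advisory.
# Assumption: the SQL lives inside <cfquery> tags; "dsn" and fixed.cfm are made up.
SAMPLES = {
    "portal/user.cfm": """<cfquery name="qUser" datasource="#dsn#">
SELECT * FROM spUsers WHERE username = '#url.username#'
</cfquery>""",
    "portal/group.cfm": """<cfquery name="qGroup" datasource="#dsn#">
SELECT * FROM spGroups WHERE groupname = '#url.groupname#'
</cfquery>""",
    "portal/fixed.cfm": """<cfquery name="qUser" datasource="#dsn#">
SELECT * FROM spUsers
WHERE username = <cfqueryparam value="#url.username#" cfsqltype="cf_sql_varchar">
</cfquery>""",
}

CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# Client-controlled scopes interpolated as #scope.name#
TAINTED = re.compile(r"#\s*((?:url|form|cookie|cgi)\.[\w.]+)\s*#", re.I)

def find_unbound(source):
    """Return (line, variable) for each request-scope variable placed in a
    <cfquery> body outside a <cfqueryparam> tag."""
    findings = []
    for q in CFQUERY.finditer(source):
        # Blank out bound parameters, keeping length so offsets stay valid.
        body = CFQUERYPARAM.sub(lambda m: " " * len(m.group(0)), q.group(1))
        for hit in TAINTED.finditer(body):
            offset = q.start(1) + hit.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((line, hit.group(1)))
    return findings

def scan(files):
    """Map each path to its findings, omitting files with none."""
    results = {}
    for path, src in files.items():
        hits = find_unbound(src)
        if hits:
            results[path] = hits
    return results

if __name__ == "__main__":
    for path, hits in scan(SAMPLES).items():
        for line, var in hits:
            print(f"{path}:{line}: {var} interpolated into SQL without cfqueryparam")
```

The check is a heuristic: it does not follow variables copied out of the url or form scope before they reach the query, so a clean result is not proof that a template is safe.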