Author: Jason Whelan
PacketStorm: exploitdev
Email: exploitdevj@gmail.com
Target Software: Speck CMS Framework, Latest
Vendor URL: http://www.speckcms.org/

Multiple SQL Injection Vulnerabilities

Examples:

portal/user.cfm:
    SELECT * FROM spUsers WHERE username = '#url.username#'

portal/group.cfm:
    SELECT * FROM spGroups WHERE groupname = '#url.groupname#'

Many more exist in this CMS framework. Exploitation will depend on the use of these files within the user's CMS.
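
To audit a codebase for the pattern quoted above, the following added example (not part of the original advisory or of Speck CMS) flags request-scope variables interpolated directly into a cfquery body and skips values bound with cfqueryparam. The sample template, its datasource name and the enclosing cfquery tags are constructed for illustration.

```python
import re

# A <cfquery ...> ... </cfquery> block; group 1 is the SQL body.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# <cfqueryparam> binds its value as a parameter, so its contents are not raw SQL.
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# Request-controlled scopes interpolated with #...# into the SQL text.
TAINTED = re.compile(r"#\s*((?:url|form|cookie|cgi)\.[\w.]+)\s*#", re.I)


def find_unbound_variables(source):
    """Return (line_number, variable) for every request-scope variable that is
    interpolated into a cfquery body outside a cfqueryparam tag."""
    findings = []
    for block in CFQUERY.finditer(source):
        body = block.group(1)
        # Blank out cfqueryparam tags, keeping length so offsets still map to source.
        cleaned = CFQUERYPARAM.sub(lambda m: " " * len(m.group(0)), body)
        for hit in TAINTED.finditer(cleaned):
            offset = block.start(1) + hit.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((line, hit.group(1)))
    return findings


# Constructed sample: the first query follows the pattern quoted in the advisory,
# the second binds the same kind of value with cfqueryparam.
# "exampleDsn" and the query names are hypothetical.
SAMPLE = '''<cfquery name="qUser" datasource="exampleDsn">
SELECT * FROM spUsers WHERE username = '#url.username#'
</cfquery>
<cfquery name="qGroup" datasource="exampleDsn">
SELECT * FROM spGroups
WHERE groupname = <cfqueryparam value="#url.groupname#" cfsqltype="cf_sql_varchar">
</cfquery>
'''

if __name__ == "__main__":
    for line, var in find_unbound_variables(SAMPLE):
        print(f"line {line}: {var} interpolated into SQL without cfqueryparam")
```

The check only sees direct scope references inside a cfquery body; a value copied into a local variable first, or SQL assembled as a string before the query, needs manual review.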