Release date:
Updated on:
Affected Systems:
Naxtech CMS Afroditi
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64572
CMS Afroditi is a content management system.
CMS Afroditi 1.0 has a security vulnerability in its handling of the "id" parameter. Successful exploitation allows an attacker to perform unauthorized database operations.
<* Source: projectzero labs *>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedure (method) may be offensive and is intended only for security research and teaching. Use it at your own risk!
http://www.example.com/default.asp?id=25 and 0<=(SELECT count(*) FROM [site]) and 1=1
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Naxtech
-------
Currently, the vendor has not released a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.naxtech.com/products-content-management.html
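
Detection example:
--------------------------------------------------------------------------------
With no vendor patch available, requests like the one under "Test method" can be found by checking web server logs for default.asp requests whose "id" value is not a plain integer. The script below is an added example, not part of the original advisory or the vendor's code. It assumes IIS W3C extended logs and integer-only legitimate "id" values; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C extended log lines (sample data, not from the advisory).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2014-01-02 10:00:01 198.51.100.7 GET /default.asp id=25 200
2014-01-02 10:00:05 198.51.100.9 GET /default.asp id=25+and+0%3C=(SELECT+count(*)+FROM+[site])+and+1=1 200
2014-01-02 10:00:09 198.51.100.9 GET /default.asp ID=25%2520and%25201=1 500
2014-01-02 10:00:12 203.0.113.4 GET /images/logo.gif - 200
2014-01-02 10:00:15 203.0.113.4 GET /default.asp lang=en&id=7 200
"""

# Assumption: legitimate "id" values are plain integers such as 25.
NUMERIC = re.compile(r"\d{1,10}")

def fully_decode(value, rounds=3):
    """Undo repeated URL encoding so that %2520 cannot hide a space."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id_requests(log_text, stem="/default.asp", param="id"):
    """Return (client_ip, decoded_id) for requests whose id is not an integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != stem:
            continue
        for pair in row.get("cs-uri-query", "-").split("&"):
            key, _, raw = pair.partition("=")
            # ASP matches query-string keys case-insensitively, so "ID" counts.
            if fully_decode(key).lower() != param:
                continue
            value = fully_decode(raw)
            if not NUMERIC.fullmatch(value):  # an empty id is flagged as well
                hits.append((row.get("c-ip", "?"), value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_id_requests(SAMPLE_LOG):
        print(ip, repr(value))
```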