ZeroCMS article_id parameter SQL Injection Vulnerability
Release date:
Updated on:
Affected Systems:
ZeroCMS: ZeroCMS 1.0
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-4034
ZeroCMS is a simple content management system built with PHP and MySQL.
ZeroCMS 1.0 has a SQL injection vulnerability in zero_view_article.php. Remote attackers can exploit it to execute arbitrary SQL commands through the article_id parameter.
<* Source: Gjoko 'liquidworm' Krstic
Link: http://www.exploit-db.com/exploits/33702/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ZeroCMS
-------
Currently, the vendor has not released a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.aas9.in/zerocms/
Reference: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5186.php
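While no fixed version is available, web server access logs can be reviewed for requests to zero_view_article.php whose article_id is not a plain integer. The following is an added example, not part of the original advisory or of ZeroCMS itself. It assumes combined-format access logs, that the parameter arrives in the query string, and that legitimate article IDs are short decimal integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: legitimate article IDs are short unsigned decimal integers.
VALID_ID_RE = re.compile(r'[0-9]{1,10}')

def suspicious_article_ids(target):
    """Return the article_id values in a request target that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/zero_view_article.php"):
        return []
    # parse_qs percent-decodes once and keeps every value of a repeated parameter,
    # so a second article_id appended to the query is checked as well.
    values = parse_qs(parts.query, keep_blank_values=True).get("article_id", [])
    return [v for v in values if not VALID_ID_RE.fullmatch(v)]

def flag_requests(log_lines):
    """Return (client_ip, bad_values) for each log line that needs review."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        bad = suspicious_article_ids(m.group("target"))
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /zero_view_article.php?article_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /zero_view_article.php?article_id=12%27 HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /zero_view_article.php?article_id=3&article_id=x%2527 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?article_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, bad in flag_requests(SAMPLE_LOG):
        print(ip, bad)
```

Default access log formats record only the request line, so an article_id sent in a request body would not appear in this review.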