VULNERABLE: A SQL injection vulnerability exists in CuppaCMS. An attacker can inject a query in "/administrator/components/table_manager/" via the 'order_by' parameter.
Description: The vulnerability is present in "/administrator/components/table_manager/" and can be exploited through a POST request via the 'order_by' parameter.
Impact: Allows an attacker to inject a query and access data; disclosure of all data on the system.
Suggestions: User input should be filtered; use escaping and parameterized queries.
truonghuuphuc changed the title from "Time-based SQL Injection '/administrator/components/table_manager/' via the 'order_by' parameters." to "Time-based SQL Injection" on Jan 10, 2022
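The suggestion to use parameterized queries needs one addition for a sort parameter: placeholders bind values, not column names, so a value that ends up in an ORDER BY clause has to be mapped through an allowlist. The sketch below is an added example, not CuppaCMS code; it assumes 'order_by' is used as a sort column, and the table, columns, and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => SQL identifier actually emitted.
const SORTABLE_COLUMNS = ['id' => 'id', 'name' => 'name', 'created' => 'created_at'];

/**
 * Build an ORDER BY clause from untrusted input.
 * The column and direction are chosen from fixed strings, so the request
 * value itself is never concatenated into the statement.
 */
function buildOrderBy(string $orderBy, string $direction = 'asc'): string
{
    if (!array_key_exists($orderBy, SORTABLE_COLUMNS)) {
        throw new InvalidArgumentException('unsupported order_by value');
    }
    $dir = strtolower($direction) === 'desc' ? 'DESC' : 'ASC';
    return ' ORDER BY ' . SORTABLE_COLUMNS[$orderBy] . ' ' . $dir;
}

function listRows(PDO $db, string $nameFilter, string $orderBy, string $direction): array
{
    // Values go through a bound placeholder; only the allowlisted clause is appended.
    $sql = 'SELECT id, name FROM items WHERE name LIKE :filter'
         . buildOrderBy($orderBy, $direction);
    $stmt = $db->prepare($sql);
    $stmt->execute([':filter' => $nameFilter]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, created_at TEXT)');
$db->exec("INSERT INTO items (name, created_at) VALUES ('beta', '2022-01-02'), ('alpha', '2022-01-01')");

print_r(listRows($db, '%', 'name', 'asc')); // rows sorted by name

// Constructed non-allowlisted value: rejected before any SQL is built.
try {
    listRows($db, '%', 'name, (SELECT 1)', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```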