Smart CMS version 2 suffers from a remote SQL injection vulnerability.
caaf75289cd4e4b5b773a09431bc0f4477f34ac296133164fe207fe0e985c3a6
# Title: [SQL injection vulnerability in SmartCMS v.2]
# Date: [04.05.2010]
# Author: [Ariko-Security]
# Software Link: [https://www.smartwebsites.com.cy/]
# Version: [V.2]
============ { Ariko-Security - Advisory #1/5/2010 } =============
SQL injection vulnerability in SmartCMS v.2
Vendor's Description of Software:
# https://www.smartwebsites.com.cy/index.php?pageid=13&lang=en
Dork:
# n/a
Application Info:
# Name: SmartCMS
# Versions: V.2
Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium
Fix:
# N/A
Time Table:
# 22/04/2010 - Vendor notified.
Input passed via the "pageid" ,"lang" parameters to index.php is not
properly sanitised before being used in a SQL query.
Solution:
# Input validation of "pageid","lang" parameters should be corrected.
Vulnerability:
# https://[site]/index.php?pageid=[SQLi]&lang=[SQLi]
Credit:
# Discoverd By: MG
#Advisory:
https://www.ariko-security.com/apr2010/audyt_bezpieczenstwa_652.html
# Website: https://Ariko-security.com
# Contacts: support[-at-]ariko-security.com
Ariko-Security
vuln@ariko-security.com
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)