Bugtraq mailing list archives
Construtiva CIS Manager CMS POST SQLi
From: edge () bitmessage ch
Date: Mon, 19 May 2014 22:21:20 GMT
TL;DR; ====== . PRODUCT : Construtiva CIS Manager . TYPE : SQLi http://site/autenticar/lembrarlogin.asp (POST email) . CVE : CVE-2014-3749 Software Description ==================== . The CIS Manager platform is a complete and powerful tool to manage sites and corporative portals on the Internet. The platform components bring autonomy to your company to manage the content (structure, texts, images, downloadable files, articles, news...) without the need of a developer. (...) Release date ============ 2014-05-16 Details ======= . SQL injection using POST parameters: URL: http://site/autenticar/lembrarlogin.asp TYPE: error-based PARAM: email PAYLOAD: email=xxx' AND (...) Disclosure Timeline =================== 2014-04-16: Vendor notification. 2014-04-26: No response. Vendor notification again. 2014-05-10: No response. Vendor notification again. 2014-05-16: Public disclosure. Contact ======= Thiago C. edge () bitmessage.ch
Current thread:
- Construtiva CIS Manager CMS POST SQLi edge (May 20)