"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. - Gene Spafford"
HIO-2008-0810 Papoo CMS SQLi PDF Print E-mail

Papoo CMS is a popular German "accessible" CMS.

All versions of Papoo exhibit a SQL injection vulnerability,
SQLi occurs where the "suchanzahl" variable doesn't properly sanitize input submitted to the index.php script.
This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

CVE-2008-3724

BID: 30752

OSVDB: 47554

SA: 31520

XF: 44516

Vendor Solution: Patch (all versions)

 
 
< Prev   Next >
[ Back ]