Source: packetstorm
Author: Thiago C.
ID: PACKETSTORM:126659
Date: May 18, 2014 - 12:00 a.m.

Construtiva CIS Manager SQL Injection

2014-05-18 00:00:00
Thiago C.
packetstormsecurity.com

EPSS: 0.001 (Low), percentile 28.7%

`Construtiva CIS Manager CMS POST SQLi  
  
TL;DR;  
======  
  
. PRODUCT : Construtiva CIS Manager  
. TYPE : SQLi http://site/autenticar/lembrarlogin.asp (POST email)  
. CVE : CVE-2014-3749  
  
  
Software Description  
====================  
  
. The CIS Manager platform is a complete and powerful tool to manage  
sites and corporate portals on the Internet. The platform components  
bring autonomy to your company to manage the content (structure,  
texts, images, downloadable files, articles, news...) without the need  
of a developer.  
  
(...)  
  
  
Release date  
============  
  
2014-05-16  
  
  
Details  
=======  
  
. SQL injection using POST parameters:  
  
URL: http://site/autenticar/lembrarlogin.asp  
TYPE: error-based  
PARAM: email  
PAYLOAD: email=xxx' AND (...)  
  
  
Disclosure Timeline  
===================  
  
2014-04-16: Vendor notification.  
2014-04-26: No response. Vendor notification again.  
2014-05-10: No response. Vendor notification again.  
2014-05-16: Public disclosure.  
  
  
Contact  
=======  
  
Thiago C.  
edge () bitmessage.ch  
  
  
  
  
  
`
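The advisory reports an error-based injection through the `email` POST field of a login-reminder page. The block below is an added example, not code from the product or the advisory: it uses Python with an in-memory SQLite table as a stand-in for the ASP page and its database, and every name in it (`make_db`, `lookup_concatenated`, `lookup_bound`, `remind_login`, the `users` table) is hypothetical. It contrasts a concatenated lookup with a bound-parameter lookup behind a handler that returns the same reply for every outcome.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}")
GENERIC_REPLY = "If the address is registered, a reminder has been sent."

def make_db():
    """Constructed sample data standing in for the application's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, login TEXT)")
    db.execute("INSERT INTO users VALUES ('ana@example.com', 'ana')")
    return db

def lookup_concatenated(db, email):
    """Anti-pattern: the POST value becomes part of the SQL text, so a quote
    in it changes the statement and the database error reaches the caller."""
    sql = "SELECT login FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchone()

def lookup_bound(db, email):
    """The value travels as a bound parameter and is never parsed as SQL."""
    return db.execute("SELECT login FROM users WHERE email = ?", (email,)).fetchone()

def remind_login(db, email, send=lambda login, addr: None):
    """Hardened handler: allow-list check, bound parameter, and one reply for
    every outcome, so neither database errors nor account existence leak."""
    try:
        if EMAIL_RE.fullmatch(email):
            row = lookup_bound(db, email)
            if row:
                send(row[0], email)
    except sqlite3.Error:
        pass  # log server-side in a real handler; never echo it to the client
    return GENERIC_REPLY
```

The bound parameter removes the injection itself; the uniform reply removes the verbose database error that the error-based variant depends on.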
