Home page logo
/

bugtraq logo Bugtraq mailing list archives

Construtiva CIS Manager CMS POST SQLi
From: edge () bitmessage ch
Date: Mon, 19 May 2014 22:21:20 GMT


TL;DR;
======

    . PRODUCT : Construtiva CIS Manager
    . TYPE    : SQLi http://site/autenticar/lembrarlogin.asp (POST email)
    . CVE     : CVE-2014-3749


Software Description
====================

    . The CIS Manager platform is a complete and powerful tool to manage
sites and corporative portals on the Internet. The platform components
bring autonomy to your company to manage the content (structure,
texts, images, downloadable files, articles, news...) without the need
of a developer.

     (...)


Release date
============

2014-05-16


Details
=======

    . SQL injection using POST parameters:

         URL: http://site/autenticar/lembrarlogin.asp
         TYPE: error-based
         PARAM: email
         PAYLOAD: email=xxx' AND (...)


Disclosure Timeline
===================

2014-04-16: Vendor notification.
2014-04-26: No response. Vendor notification again.
2014-05-10: No response. Vendor notification again.
2014-05-16: Public disclosure.


Contact
=======

Thiago C.
edge () bitmessage.ch


  By Date           By Thread  

Current thread:
  • Construtiva CIS Manager CMS POST SQLi edge (May 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault