Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-19
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
Products | Ovidentia |
Type | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
First patch | - None (likely due to unavailable code) |
Links |
• http://packetstormsecurity.com/files/153738/Ovidentia-8.4.3-SQL-Injection.html
• https://github.com/Kitsun3Sec/exploits/blob/master/cms/ovidentia/exploitSQLIOvidentia.txt |