webEdition CMS - 'we_fs.php' SQL Injection
| EKU-ID: 43560 | CVE: CVE-2014-2303;OSVDB-107487 | OSVDB-ID: |
| Author: RedTeam Pentesting GmbH | Published: 2014-05-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43560 | CVE: CVE-2014-2303;OSVDB-107487 | OSVDB-ID: |
| Author: RedTeam Pentesting GmbH | Published: 2014-05-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/67689/info webEdition CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. webEdition CMS 6.3.3.0 through 6.3.8.0 svn6985 are vulnerable; other versions may also be affected. http://www.example.com/webEdition/we_fs.php?what=4[SQL]