An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
References
Link | Resource |
---|---|
https://github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/index.html | Exploit Third Party Advisory |
https://mochazz.github.io/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/ | Exploit Third Party Advisory |
https://github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/index.html | Exploit Third Party Advisory |
https://mochazz.github.io/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/index.html - Exploit, Third Party Advisory | |
References | () https://mochazz.github.io/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/ - Exploit, Third Party Advisory |
Information
Published : 2018-10-09 18:29
Updated : 2024-11-21 03:55
NVD link : CVE-2018-18084
Mitre link : CVE-2018-18084
CVE.ORG link : CVE-2018-18084
JSON object : View
Products Affected
comsenz
- duomicms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')