Key Information

Title: WebStudio CMS - Blind SQL Injection

IDs and Verification
EDB-ID: 7216
CVE: 2008-5336
EDB Verified: ✓

Author and Type
Author: GLAFKOS CHARALAMBOS
Type: WEBAPPS

Platform and Date
Platform: PHP
Date: 2008-11-24

Vulnerability Information
Application: WebStudio CMS
Vendor Name: BDigital Media Ltd
Vendor URL: http://www.bdigital.biz
Bug Type: WebStudio CMS (pageid) Blind SQL Injection Vulnerability
Exploitation: Remote
Severity: Critical
Solution Status: Unpatched

Description
WebStudio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PoC
(TRUE)
(FALSE)

Exploit
(TRUE)
(FALSE)
(FALSE)

Solution
Edit source code manually to ensure user-supplied input is correctly sanitised.