bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/18202.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

47 lines
No EOL
1.2 KiB
Text
Raw Blame History

Advisory: Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
Advisory ID: SSCHADV2011-039
Author: Stefan Schurtz
Affected Software: Successfully tested on Meditate 1.2
Vendor URL: http://www.arlomedia.com/
Vendor Status: fixed
==========================
Vulnerability Description
==========================
Meditate Web Content Editor is prone to a SQL-Injection vulnerability
==================
PoC-Exploit
==================
http://<target>/meditate_2.0/index.php?page=login_submit -> POST-Parameter 'username_input=[sql-injection]'
=========
Solution
=========
Upgrade to version 1.2.1
====================
Disclosure Timeline
====================
30-Nov-2011 - Secunia SVCRP (vuln@secunia.com)
02-Dec-2011 - fixed by vendor
05-Dec-2011 - release date of this security advisory
05-Dec-2011 - post on BugTraq
========
Credits
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References
===========
http://www.arlomedia.com/software/meditate/meditate/docs/release_notes.html
http://www.rul3z.de/advisories/SSCHADV2011-039.txt
http://secunia.com/advisories/47010/
Reference in a new issue View git blame Copy permalink