This host is installed with Assesi and is prone to SQL injection vulnerability.

Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

No Solution or patch is available as of 18th June, 2014. Information regarding this issue will updated once the solution details are available. For updates refer to http://assesi.com.br

Flaw is due to the vereadores.php script not properly sanitizing user-supplied input to the 'bg' parameter.

Assesi CMS

Send a crafted exploit string via HTTP GET request and check whether it is possible to execute sql query or not.

• http://cxsecurity.com/issue/WLB-2014060003
• http://packetstormsecurity.com/files/126877

---

Updated on 2017-03-28