Summary
The host is installed with ZeroCMS and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will allow attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
No solution or patch is available as of 2nd February, 2015. Information regarding this issue will be updated once the solution details are available.
For updates refer to http://aas9.in/zerocms
Insight
The flaws exist because input passed via the following parameters is not properly sanitised before being used:
- 'article_id' parameter used in the 'zero_view_article.php' script.
- 'user_id' parameter used in the 'zero_user_transact.php' script.
Affected
ZeroCMS version 1.3.3 and prior.
Detection
Send crafted data via an HTTP GET request and check whether it is able to execute an SQL query or not.