Description

Ektron CMS400.NET is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the ContentRatingGraph.aspx script using the res parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

Remediation

Upgrade to the latest version Ektron CMS.

References

Ektron CMS400.NET ContentRatingGraph.aspx SQL injection

Ektron CMS400.NET 'ContentRatingGraph.aspx' SQL Injection Vulnerability

Related Vulnerabilities

Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20417)

MySQL NULL Pointer Dereference Vulnerability (CVE-2020-1971)

ReviveAdserver Improper Authentication Vulnerability (CVE-2016-9124)

PHP Other Vulnerability (CVE-2006-1494)

Severity

High

Classification

CVE-2008-5122 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities SQL Injection