CMS ISWEB version 3.5.3 suffers from a remote SQL injection vulnerability.
[Description]
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker
can inject malicious queries into the application and obtain
sensitive information.
------------------------------------------
[Additional Information]
PoC screenshots: https://imgur.com/a/buXJJKC
?id=1'
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
http://www.isweb.it CMS ISWEB 3.5.3
------------------------------------------
[CVE Name]
CVE-2018-14956
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
The attacker can access the entire database, obtain a shell, and achieve remote code execution.
------------------------------------------
[Reference]
https://www.owasp.org/index.php/SQL_Injection
------------------------------------------
[Discoverer]
Thiago Sena & Rafael Fontes Souza & Occasio Security
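
The `?id=1'` probe listed under Additional Information works because a stray quote breaks a query built by string concatenation. The following is an added example, not code from ISWEB or from the advisory's authors: it contrasts that pattern with an allow-listed, parameterized lookup. The `pages` table, the function names and the use of SQLite are assumptions made for illustration; the advisory does not show the product's schema or database engine.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the real ISWEB schema is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "Contacts")])
    return db

def lookup_vulnerable(db, raw_id):
    # Flawed pattern: the request value becomes part of the SQL text,
    # so a quote in `id` changes the statement the database parses.
    query = "SELECT title FROM pages WHERE id = " + raw_id
    return db.execute(query).fetchone()

def lookup_hardened(db, raw_id):
    # Layer 1: allow-list. An id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a decimal integer")
    # Layer 2: bound parameter. The value is sent as data, never as SQL text.
    return db.execute("SELECT title FROM pages WHERE id = ?",
                      (int(raw_id),)).fetchone()

def outcome(fn, db, raw_id):
    # Classify the result the way a reviewer would read the HTTP response.
    try:
        row = fn(db, raw_id)
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # A database error caused by user input is the signal that the
        # value reached the SQL parser.
        return ("sql-error", type(exc).__name__)
    except ValueError:
        return ("rejected", None)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "vulnerable:", outcome(lookup_vulnerable, db, value))
        print(repr(value), "hardened:  ", outcome(lookup_hardened, db, value))
```

In a deployed application the "rejected" and "sql-error" cases should both map to a generic error page, with the detail written only to server-side logs.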